handbook/disks/chapter.xml

<?xml version="1.0" encoding="iso-8859-1"?>
<!--
     The FreeBSD Documentation Project

     $FreeBSD$
-->

<chapter xmlns="http://docbook.org/ns/docbook"
  xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0"
  xml:id="disks">

  <title>Storage</title>

  <sect1 xml:id="disks-synopsis">
    <title>Synopsis</title>

    <para>This chapter covers the use of disks and storage media in
      &os;.  This includes <acronym>SCSI</acronym> and
      <acronym>IDE</acronym> disks, <acronym>CD</acronym> and
      <acronym>DVD</acronym> media, memory-backed disks, and
      <acronym>USB</acronym> storage devices.</para>

    <para>After reading this chapter, you will know:</para>

    <itemizedlist>
      <listitem>
        <para>How to add additional hard disks to a &os;
          system.</para>
      </listitem>

      <listitem>
        <para>How to grow the size of a disk's partition on
          &os;.</para>
      </listitem>

      <listitem>
        <para>How to configure &os; to use <acronym>USB</acronym>
          storage devices.</para>
      </listitem>

      <listitem>
        <para>How to use <acronym>CD</acronym> and
          <acronym>DVD</acronym> media on a &os; system.</para>
      </listitem>

      <listitem>
        <para>How to use the backup programs available under
          &os;.</para>
      </listitem>

      <listitem>
        <para>How to set up memory disks.</para>
      </listitem>

      <listitem>
        <para>What file system snapshots are and how to use them
          efficiently.</para>
      </listitem>

      <listitem>
        <para>How to use quotas to limit disk space usage.</para>
      </listitem>

      <listitem>
        <para>How to encrypt disks and swap to secure them against
          attackers.</para>
      </listitem>

      <listitem>
        <para>How to configure a highly available storage
          network.</para>
      </listitem>
    </itemizedlist>

    <para>Before reading this chapter, you should:</para>

    <itemizedlist>
      <listitem>
        <para>Know how to <link linkend="kernelconfig">configure and
            install a new &os; kernel</link>.</para>
      </listitem>
    </itemizedlist>
  </sect1>

  <sect1 xml:id="disks-adding">
    <info>
      <title>Adding Disks</title>

      <authorgroup>
        <author>
          <personname>
            <firstname>David</firstname>
            <surname>O'Brien</surname>
          </personname>
          <contrib>Originally contributed by </contrib>
        </author>
      </authorgroup>
    </info>

    <indexterm>
      <primary>disks</primary>
      <secondary>adding</secondary>
    </indexterm>

    <para>This section describes how to add a new
      <acronym>SATA</acronym> disk to a machine that currently only
      has a single drive.  First, turn off the computer and install
      the drive in the computer following the instructions of the
      computer, controller, and drive manufacturers.  Reboot the
      system and become
      <systemitem class="username">root</systemitem>.</para>

    <para>Inspect <filename>/var/run/dmesg.boot</filename> to ensure
      the new disk was found.  In this example, the newly added
      <acronym>SATA</acronym> drive will appear as
      <filename>ada1</filename>.</para>

    <indexterm><primary>partitions</primary></indexterm>
    <indexterm>
      <primary><command>gpart</command></primary>
    </indexterm>

    <para>For this example, a single large partition will be created
      on the new disk.  The <link
        xlink:href="http://en.wikipedia.org/wiki/GUID_Partition_Table">
        <acronym>GPT</acronym></link> partitioning scheme will be
      used in preference to the older and less versatile
      <acronym>MBR</acronym> scheme.</para>

    <note>
      <para>If the disk to be added is not blank, old partition
        information can be removed with
        <command>gpart delete</command>.  See &man.gpart.8; for
        details.</para>
    </note>

    <para>The partition scheme is created, and then a single partition
      is added.  To improve performance on newer disks with larger
      hardware block sizes, the partition is aligned to one megabyte
      boundaries:</para>

    <screen>&prompt.root; <userinput>gpart create -s GPT ada1</userinput>
&prompt.root; <userinput>gpart add -t freebsd-ufs -a 1M ada1</userinput></screen>

    <para>Depending on use, several smaller partitions may be desired.
      See &man.gpart.8; for options to create partitions smaller than
      a whole disk.</para>

    <para>The disk partition information can be viewed with
      <command>gpart show</command>:</para>

    <screen>&prompt.user; <userinput>gpart show ada1</userinput>
=>        34  1465146988  ada1  GPT  (699G)
          34        2014        - free -  (1.0M)
        2048  1465143296     1  freebsd-ufs  (699G)
  1465145344        1678        - free -  (839K)</screen>

    <para>A file system is created in the new partition on the new disk:</para>

    <screen>&prompt.root; <userinput>newfs -U /dev/ada1p1</userinput></screen>

    <para>An empty directory is created as a
      <emphasis>mountpoint</emphasis>, a location for mounting the new
      disk in the original disk's file system:</para>

    <screen>&prompt.root; <userinput>mkdir /newdisk</userinput></screen>

    <para>Finally, an entry is added to
      <filename>/etc/fstab</filename> so the new disk will be mounted
      automatically at startup:</para>

    <programlisting>/dev/ada1p1 /newdisk        ufs     rw      2       2</programlisting>

    <para>The new disk can be mounted manually, without restarting the
      system:</para>

    <screen>&prompt.root; <userinput>mount /newdisk</userinput></screen>
  </sect1>

  <sect1 xml:id="disks-growing">
    <info>
      <title>Resizing and Growing Disks</title>

      <authorgroup>
        <author>
          <personname>
            <firstname>Allan</firstname>
            <surname>Jude</surname>
          </personname>
          <contrib>Originally contributed by </contrib>
        </author>
      </authorgroup>
    </info>

    <indexterm>
      <primary>disks</primary>
      <secondary>resizing</secondary>
    </indexterm>

    <para>A disk's capacity can increase without any changes to the
      data already present.  This happens commonly with virtual
      machines, when the virtual disk turns out to be too small and is
      enlarged.  Sometimes a disk image is written to a
      <acronym>USB</acronym> memory stick, but does not use the full
      capacity.  Here we describe how to resize or
      <emphasis>grow</emphasis> disk contents to take advantage of
      increased capacity.</para>

    <para>Determine the device name of the disk to be resized by
      inspecting <filename>/var/run/dmesg.boot</filename>.  In this
      example, there is only one <acronym>SATA</acronym> disk in the
      system, so the drive will appear as
      <filename>ada0</filename>.</para>

    <indexterm><primary>partitions</primary></indexterm>
    <indexterm>
      <primary><command>gpart</command></primary>
    </indexterm>

    <para>List the partitions on the disk to see the current
      configuration:</para>

    <screen>&prompt.root; <userinput>gpart show <replaceable>ada0</replaceable></userinput>
=>      34  83886013  ada0  GPT  (48G) [CORRUPT]
        34       128     1  freebsd-boot  (64k)
       162  79691648     2  freebsd-ufs  (38G)
  79691810   4194236     3  freebsd-swap  (2G)
  83886046         1        - free -  (512B)</screen>

    <note>
      <para>If the disk was formatted with the <link
          xlink:href="http://en.wikipedia.org/wiki/GUID_Partition_Table">
        <acronym>GPT</acronym></link> partitioning scheme, it may show
        as <quote>corrupted</quote> because the <acronym>GPT</acronym>
        backup partition table is no longer at the end of the
        drive.  Fix the backup
        partition table with
        <command>gpart</command>:</para>

      <screen>&prompt.root; <userinput>gpart recover <replaceable>ada0</replaceable></userinput>
ada0 recovered</screen>
    </note>

    <para>Now the additional space on the disk is available for
      use by a new partition, or an existing partition can be
      expanded:</para>

    <screen>&prompt.root; <userinput>gpart show <replaceable>ada0</replaceable></userinput>
=>       34  102399933  ada0  GPT  (48G)
         34        128     1  freebsd-boot  (64k)
        162   79691648     2  freebsd-ufs  (38G)
   79691810    4194236     3  freebsd-swap  (2G)
   83886046   18513921        - free -  (8.8G)</screen>

    <para>Partitions can only be resized into contiguous free space.
      Here, the last partition on the disk is the swap partition, but
      the second partition is the one that needs to be resized.  Swap
      partitions only contain temporary data, so it can safely be
      unmounted, deleted, and then recreate the third partition after
      resizing the second partition.</para>

    <para>Disable the swap partition:</para>

    <screen>&prompt.root; <userinput>swapoff <replaceable>/dev/ada0p3</replaceable></userinput></screen>

    <para>Delete the third partition, specified by the
      <option>-i</option> flag, from the disk
      <replaceable>ada0</replaceable>.</para>

    <screen>
&prompt.root; <userinput>gpart delete -i <replaceable>3</replaceable> <replaceable>ada0</replaceable></userinput>
ada0p3 deleted
&prompt.root; <userinput>gpart show <replaceable>ada0</replaceable></userinput>
=>       34  102399933  ada0  GPT  (48G)
         34        128     1  freebsd-boot  (64k)
        162   79691648     2  freebsd-ufs  (38G)
   79691810   22708157        - free -  (10G)</screen>

    <warning>
      <para>There is risk of data loss when modifying the partition
        table of a mounted file system.  It is best to perform the
        following steps on an unmounted file system while running from
        a live <acronym>CD-ROM</acronym> or <acronym>USB</acronym>
        device.  However, if absolutely necessary, a mounted file
        system can be  resized after disabling GEOM safety
        features:</para>

      <screen>&prompt.root; <userinput>sysctl kern.geom.debugflags=16</userinput></screen>
    </warning>

    <para>Resize the partition, leaving room to recreate a swap
      partition of the desired size.  The partition to resize is
      specified with <option>-i</option>, and the new desired size
      with <option>-s</option>.  Optionally, alignment of the
      partition is controlled with <option>-a</option>.  This only
      modifies the size of the partition.  The file system in the
      partition will be expanded in a separate step.</para>

    <screen>&prompt.root; <userinput>gpart resize -i <replaceable>2</replaceable> -s <replaceable>47G</replaceable> -a 4k <replaceable>ada0</replaceable></userinput>
ada0p2 resized
&prompt.root; <userinput>gpart show <replaceable>ada0</replaceable></userinput>
=>       34  102399933  ada0  GPT  (48G)
         34        128     1  freebsd-boot  (64k)
        162   98566144     2  freebsd-ufs  (47G)
   98566306    3833661        - free -  (1.8G)</screen>

    <para>Recreate the swap partition and activate it.  If no size
      is specified with <option>-s</option>, all remaining space is
      used:</para>

    <screen>&prompt.root; <userinput>gpart add -t freebsd-swap -a 4k <replaceable>ada0</replaceable></userinput>
ada0p3 added
&prompt.root; <userinput>gpart show <replaceable>ada0</replaceable></userinput>
=>       34  102399933  ada0  GPT  (48G)
         34        128     1  freebsd-boot  (64k)
        162   98566144     2  freebsd-ufs  (47G)
   98566306    3833661     3  freebsd-swap  (1.8G)
&prompt.root; <userinput>swapon <replaceable>/dev/ada0p3</replaceable></userinput></screen>

    <para>Grow the <acronym>UFS</acronym> file system to use the new
      capacity of the resized partition:</para>

    <screen>&prompt.root; <userinput>growfs <replaceable>/dev/ada0p2</replaceable></userinput>
Device is mounted read-write; resizing will result in temporary write suspension for /.
It's strongly recommended to make a backup before growing the file system.
OK to grow file system on /dev/ada0p2, mounted on /, from 38GB to 47GB? [Yes/No] <userinput>Yes</userinput>
super-block backups (for fsck -b #) at:
 80781312, 82063552, 83345792, 84628032, 85910272, 87192512, 88474752,
 89756992, 91039232, 92321472, 93603712, 94885952, 96168192, 97450432</screen>

    <para>If the file system is <acronym>ZFS</acronym>, the resize is
      triggered by running the <option>online</option> subcommand with
      <option>-e</option>:</para>

    <screen>&prompt.root; <userinput>zpool online -e <replaceable>zroot</replaceable> <replaceable>/dev/ada0p2</replaceable></userinput></screen>

    <para>Both the partition and the file system on it have now been
      resized to use the newly-available disk space.</para>
  </sect1>

  <sect1 xml:id="usb-disks">
    <info>
      <title><acronym>USB</acronym> Storage Devices</title>

      <authorgroup>
        <author>
          <personname>
            <firstname>Marc</firstname>
            <surname>Fonvieille</surname>
          </personname>
          <contrib>Contributed by </contrib>
        </author>
      </authorgroup>
    </info>

    <indexterm>
      <primary>USB</primary>
      <secondary>disks</secondary>
    </indexterm>

    <para>Many external storage solutions, such as hard drives,
      <acronym>USB</acronym> thumbdrives, and <acronym>CD</acronym>
      and <acronym>DVD</acronym> burners, use the Universal Serial Bus
      (<acronym>USB</acronym>).  &os; provides support for
      <acronym>USB</acronym> 1.x, 2.0, and 3.0 devices.</para>

    <note>
      <para><acronym>USB</acronym> 3.0 support is not compatible with
        some hardware, including Haswell (Lynx point) chipsets.  If
        &os; boots with a <errorname>failed with error 19</errorname>
        message, disable xHCI/USB3 in the system
        <acronym>BIOS</acronym>.</para>
    </note>

    <para>Support for <acronym>USB</acronym> storage devices is built
      into the <filename>GENERIC</filename> kernel.  For a custom
      kernel, be sure that the following lines are present in the
      kernel configuration file:</para>

    <programlisting>device scbus        # SCSI bus (required for ATA/SCSI)
device da       # Direct Access (disks)
device pass     # Passthrough device (direct ATA/SCSI access)
device uhci     # provides USB 1.x support
device ohci     # provides USB 1.x support
device ehci     # provides USB 2.0 support
device xhci     # provides USB 3.0 support
device usb      # USB Bus (required)
device umass    # Disks/Mass storage - Requires scbus and da
device cd       # needed for CD and DVD burners</programlisting>

    <para>&os; uses the &man.umass.4; driver which uses the
      <acronym>SCSI</acronym> subsystem to access
      <acronym>USB</acronym> storage devices.  Since any
      <acronym>USB</acronym> device will be seen as a
      <acronym>SCSI</acronym> device by the system, if the
      <acronym>USB</acronym> device is a <acronym>CD</acronym> or
      <acronym>DVD</acronym> burner, do <emphasis>not</emphasis>
      include <option>device atapicam</option> in a custom kernel
      configuration file.</para>

    <para>The rest of this section demonstrates how to verify that a
      <acronym>USB</acronym> storage device is recognized by &os; and
      how to configure the device so that it can be used.</para>

    <sect2>
      <title>Device Configuration</title>

      <para>To test the <acronym>USB</acronym> configuration, plug in
        the <acronym>USB</acronym> device.  Use
        <command>dmesg</command> to confirm that the drive appears in
        the system message buffer.  It should look something like
        this:</para>

      <screen>umass0: &lt;STECH Simple Drive, class 0/0, rev 2.00/1.04, addr 3&gt; on usbus0
umass0:  SCSI over Bulk-Only; quirks = 0x0100
umass0:4:0:-1: Attached to scbus4
da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
da0: &lt;STECH Simple Drive 1.04&gt; Fixed Direct Access SCSI-4 device
da0: Serial Number WD-WXE508CAN263
da0: 40.000MB/s transfers
da0: 152627MB (312581808 512 byte sectors: 255H 63S/T 19457C)
da0: quirks=0x2&lt;NO_6_BYTE&gt;</screen>

      <para>The brand, device node (<filename>da0</filename>), speed,
        and size will differ according to the device.</para>

      <para>Since the <acronym>USB</acronym> device is seen as a
        <acronym>SCSI</acronym> one, <command>camcontrol</command> can
        be used to list the <acronym>USB</acronym> storage devices
        attached to the system:</para>

      <screen>&prompt.root; <userinput>camcontrol devlist</userinput>
&lt;STECH Simple Drive 1.04&gt;          at scbus4 target 0 lun 0 (pass3,da0)</screen>

      <para>Alternately, <command>usbconfig</command> can be used to
        list the device.  Refer to &man.usbconfig.8; for more
        information about this command.</para>

      <screen>&prompt.root; <userinput>usbconfig</userinput>
ugen0.3: &lt;Simple Drive STECH&gt; at usbus0, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON (2mA)</screen>

      <para>If the device has not been formatted, refer to <xref
          linkend="disks-adding"/> for instructions on how to format
        and create partitions on the <acronym>USB</acronym> drive.  If
        the drive comes with a file system, it can be mounted by
        <systemitem class="username">root</systemitem> using the
        instructions in <xref linkend="mount-unmount"/>.</para>

      <warning>
        <para>Allowing untrusted users to mount arbitrary media, by
          enabling <varname>vfs.usermount</varname> as described
          below, should not be considered safe from a security point
          of view.  Most file systems were not built to safeguard
          against malicious devices.</para>
      </warning>

      <para>To make the device mountable as a normal user, one
        solution is to make all users of the device a member of the
        <systemitem class="groupname">operator</systemitem> group
        using &man.pw.8;.  Next, ensure that <systemitem
          class="groupname">operator</systemitem> is able to read and
        write the device by adding these lines to
        <filename>/etc/devfs.rules</filename>:</para>

      <programlisting>[localrules=5]
add path 'da*' mode 0660 group operator</programlisting>

      <note>
        <para>If internal <acronym>SCSI</acronym> disks are also
          installed in the system, change the second line as
          follows:</para>

        <programlisting>add path 'da[<replaceable>3</replaceable>-9]*' mode 0660 group operator</programlisting>

        <para>This will exclude the first three
          <acronym>SCSI</acronym> disks (<filename>da0</filename> to
          <filename>da2</filename>)from belonging to the <systemitem
            class="groupname">operator</systemitem> group.  Replace
          <replaceable>3</replaceable> with the number of internal
          <acronym>SCSI</acronym> disks.  Refer to &man.devfs.rules.5;
          for more information about this file.</para>
      </note>

      <para>Next, enable the ruleset in
        <filename>/etc/rc.conf</filename>:</para>

      <programlisting>devfs_system_ruleset="localrules"</programlisting>

      <para>Then, instruct the system to allow regular users to mount
        file systems by adding the following line to
        <filename>/etc/sysctl.conf</filename>:</para>

      <programlisting>vfs.usermount=1</programlisting>

      <para>Since this only takes effect after the next reboot, use
        <command>sysctl</command> to set this variable now:</para>

      <screen>&prompt.root; <userinput>sysctl vfs.usermount=1</userinput>
vfs.usermount: 0 -&gt; 1</screen>

      <para>The final step is to create a directory where the file
        system is to be mounted.  This directory needs to be owned by
        the user that is to mount the file system.  One way to do that
        is for <systemitem class="username">root</systemitem> to
        create a subdirectory owned by that user as <filename
          >/mnt/<replaceable>username</replaceable></filename>.
        In the following example, replace
        <replaceable>username</replaceable> with the login name of the
        user and <replaceable>usergroup</replaceable> with the user's
        primary group:</para>

      <screen>&prompt.root; <userinput>mkdir /mnt/<replaceable>username</replaceable></userinput>
&prompt.root; <userinput>chown <replaceable>username</replaceable>:<replaceable>usergroup</replaceable> /mnt/<replaceable>username</replaceable></userinput></screen>

      <para>Suppose a <acronym>USB</acronym> thumbdrive is plugged in,
        and a device <filename>/dev/da0s1</filename> appears.  If the
        device is formatted with a <acronym>FAT</acronym> file system,
        the user can mount it using:</para>

      <screen>&prompt.user; <userinput>mount -t msdosfs -o -m=644,-M=755 /dev/da0s1 /mnt/<replaceable>username</replaceable></userinput></screen>

      <para>Before the device can be unplugged, it
        <emphasis>must</emphasis> be unmounted first:</para>

      <screen>&prompt.user; <userinput>umount /mnt/<replaceable>username</replaceable></userinput></screen>

      <para>After device removal, the system message buffer will show
        messages similar to the following:</para>

      <screen>umass0: at uhub3, port 2, addr 3 (disconnected)
da0 at umass-sim0 bus 0 scbus4 target 0 lun 0
da0: &lt;STECH Simple Drive 1.04&gt; s/n WD-WXE508CAN263          detached
(da0:umass-sim0:0:0:0): Periph destroyed</screen>
    </sect2>

    <sect2>
      <title>Automounting Removable Media</title>

      <para><acronym>USB</acronym> devices can be automatically
        mounted by uncommenting this line in
        <filename>/etc/auto_master</filename>:</para>

      <screen>/media            -media          -nosuid</screen>

      <para>Then add these lines to
        <filename>/etc/devd.conf</filename>:</para>

      <screen>notify 100 {
        match "system" "GEOM";
        match "subsystem" "DEV";
        action "/usr/sbin/automount -c";
};</screen>

      <para>Reload the configuration if &man.autofs.5;
        and &man.devd.8; are already running:</para>

      <screen>&prompt.root; <userinput>service automount restart</userinput>
&prompt.root; <userinput>service devd restart</userinput></screen>

      <para>&man.autofs.5; can be set to start at boot by adding this
        line to <filename>/etc/rc.conf</filename>:</para>

      <programlisting>autofs_enable="YES"</programlisting>

      <para>&man.autofs.5; requires &man.devd.8; to be enabled, as it
        is by default.</para>

      <para>Start the services immediately with:</para>

      <screen>&prompt.root; <userinput>service automount start</userinput>
&prompt.root; <userinput>service automountd start</userinput>
&prompt.root; <userinput>service autounmountd start</userinput>
&prompt.root; <userinput>service devd start</userinput></screen>

      <para>Each file system that can be automatically mounted appears
        as a directory in <filename>/media/</filename>.  The directory
        is named after the file system label.  If the label is
        missing, the directory is named after the device node.</para>

      <para>The file system is transparently mounted on the first
        access, and unmounted after a period of inactivity.
        Automounted drives can also be unmounted manually:</para>

      <screen>&prompt.root; <userinput>automount -fu</userinput></screen>

      <para>This mechanism is typically used for memory cards and
        <acronym>USB</acronym> memory sticks.  It can be used with
        any block device, including optical drives or
        <acronym>iSCSI</acronym> <acronym>LUN</acronym>s.</para>
    </sect2>
  </sect1>

  <sect1 xml:id="creating-cds">
    <info>
      <title>Creating and Using <acronym>CD</acronym> Media</title>

      <authorgroup>
        <author>
          <personname>
            <firstname>Mike</firstname>
            <surname>Meyer</surname>
          </personname>
          <contrib>Contributed by </contrib>
        </author>
      </authorgroup>
    </info>

    <indexterm>
      <primary><acronym>CD-ROM</acronym>s</primary>
      <secondary>creating</secondary>
    </indexterm>

    <para>Compact Disc (<acronym>CD</acronym>) media provide a number
      of features that differentiate them from conventional disks.
      They are designed so that they can be read continuously without
      delays to move the head between tracks.  While
      <acronym>CD</acronym> media do have tracks, these refer to a
      section of data to be read continuously, and not a physical
      property of the disk.  The <acronym>ISO</acronym> 9660 file
      system was designed to deal with these differences.</para>

    <indexterm><primary><acronym>ISO</acronym>
      9660</primary></indexterm>
    <indexterm>
      <primary>file systems</primary>
      <secondary>ISO 9660</secondary>
    </indexterm>

    <indexterm>
      <primary><acronym>CD</acronym> burner</primary>
      <secondary><acronym>ATAPI</acronym></secondary>
    </indexterm>

    <para>The &os; Ports Collection provides several utilities for
      burning and duplicating audio and data <acronym>CD</acronym>s.
      This chapter demonstrates the use of several command line
      utilities.  For <acronym>CD</acronym> burning software with a
      graphical utility, consider installing the
      <package>sysutils/xcdroast</package> or
      <package>sysutils/k3b</package> packages or ports.</para>

    <sect2 xml:id="atapicam">
      <info>
        <title>Supported Devices</title>

        <authorgroup>
          <author>
            <personname>
              <firstname>Marc</firstname>
              <surname>Fonvieille</surname>
            </personname>
            <contrib>Contributed by </contrib>
          </author>
        </authorgroup>
      </info>

      <indexterm>
        <primary><acronym>CD</acronym> burner</primary>
        <secondary>ATAPI/CAM driver</secondary>
      </indexterm>

      <para>The <filename>GENERIC</filename> kernel provides support
        for <acronym>SCSI</acronym>,  <acronym>USB</acronym>, and
        <acronym>ATAPI</acronym> <acronym>CD</acronym> readers and
        burners.  If a custom kernel is used, the options that need to
        be present in the kernel configuration file vary by the type
        of device.</para>

      <para>For a <acronym>SCSI</acronym> burner, make sure these
        options are present:</para>

      <programlisting>device scbus      # SCSI bus (required for ATA/SCSI)
device da       # Direct Access (disks)
device pass     # Passthrough device (direct ATA/SCSI access)
device cd       # needed for CD and DVD burners</programlisting>

      <para>For a <acronym>USB</acronym> burner, make sure these
        options are present:</para>

      <programlisting>device scbus      # SCSI bus (required for ATA/SCSI)
device da       # Direct Access (disks)
device pass     # Passthrough device (direct ATA/SCSI access)
device cd       # needed for CD and DVD burners
device uhci     # provides USB 1.x support
device ohci     # provides USB 1.x support
device ehci     # provides USB 2.0 support
device xhci     # provides USB 3.0 support
device usb      # USB Bus (required)
device umass    # Disks/Mass storage - Requires scbus and da</programlisting>

      <para>For an <acronym>ATAPI</acronym> burner, make sure these
        options are present:</para>

      <programlisting>device ata        # Legacy ATA/SATA controllers
device scbus    # SCSI bus (required for ATA/SCSI)
device pass     # Passthrough device (direct ATA/SCSI access)
device cd       # needed for CD and DVD burners</programlisting>

      <note>
        <para>On &os; versions prior to 10.x, this line is also
          needed in the kernel configuration file if the burner is an
          <acronym>ATAPI</acronym> device:</para>

        <programlisting>device atapicam</programlisting>

        <para>Alternately, this driver can be loaded at boot time by
          adding the following line to
          <filename>/boot/loader.conf</filename>:</para>

        <programlisting>atapicam_load="YES"</programlisting>

        <para>This will require a reboot of the system as this driver
          can only be loaded at boot time.</para>
      </note>

      <para>To verify that &os; recognizes the device, run
        <command>dmesg</command> and look for an entry for the device.
        On systems prior to 10.x, the device name in the first line of
        the output will be <filename>acd0</filename> instead of
        <filename>cd0</filename>.</para>

      <screen>&prompt.user; <userinput>dmesg | grep cd</userinput>
cd0 at ahcich1 bus 0 scbus1 target 0 lun 0
cd0: &lt;HL-DT-ST DVDRAM GU70N LT20&gt; Removable CD-ROM SCSI-0 device
cd0: Serial Number M3OD3S34152
cd0: 150.000MB/s transfers (SATA 1.x, UDMA6, ATAPI 12bytes, PIO 8192bytes)
cd0: Attempt to query device size failed: NOT READY, Medium not present - tray closed</screen>
    </sect2>

    <sect2 xml:id="cdrecord">
      <title>Burning a <acronym>CD</acronym></title>

      <para>In &os;, <command>cdrecord</command> can be used to burn
        <acronym>CD</acronym>s.  This command is installed with the
        <package>sysutils/cdrtools</package> package or port.</para>

      <para>While <command>cdrecord</command> has many options, basic
        usage is simple.  Specify the name of the
        <acronym>ISO</acronym> file to burn and, if the system has
        multiple burner devices, specify the name of the device to
        use:</para>

      <screen>&prompt.root; <userinput>cdrecord <replaceable>dev=device</replaceable> <replaceable>imagefile.iso</replaceable></userinput></screen>

      <para>To determine the device name of the burner, use
        <option>-scanbus</option> which might produce results like
        this:</para>

      <indexterm>
        <primary><acronym>CD-ROM</acronym>s</primary>
        <secondary>burning</secondary>
      </indexterm>
      <screen>&prompt.root; <userinput>cdrecord -scanbus</userinput>
ProDVD-ProBD-Clone 3.00 (amd64-unknown-freebsd10.0) Copyright (C) 1995-2010 J&ouml;rg Schilling
Using libscg version 'schily-0.9'
scsibus0:
        0,0,0     0) 'SEAGATE ' 'ST39236LW       ' '0004' Disk
        0,1,0     1) 'SEAGATE ' 'ST39173W        ' '5958' Disk
        0,2,0     2) *
        0,3,0     3) 'iomega  ' 'jaz 1GB         ' 'J.86' Removable Disk
        0,4,0     4) 'NEC     ' 'CD-ROM DRIVE:466' '1.26' Removable CD-ROM
        0,5,0     5) *
        0,6,0     6) *
        0,7,0     7) *
scsibus1:
        1,0,0   100) *
        1,1,0   101) *
        1,2,0   102) *
        1,3,0   103) *
        1,4,0   104) *
        1,5,0   105) 'YAMAHA  ' 'CRW4260         ' '1.0q' Removable CD-ROM
        1,6,0   106) 'ARTEC   ' 'AM12S           ' '1.06' Scanner
        1,7,0   107) *</screen>

      <para>Locate the entry for the <acronym>CD</acronym> burner and
        use the three numbers separated by commas as the value for
        <option>dev</option>.  In this case, the Yamaha burner device
        is <literal>1,5,0</literal>, so the appropriate input to
        specify that device is <option>dev=1,5,0</option>.  Refer to
        the manual page for <command>cdrecord</command> for other ways
        to specify this value and for information on writing audio
        tracks and controlling the write speed.</para>

      <para>Alternately, run the following command to get the device
        address of the burner:</para>

      <screen>&prompt.root; <userinput>camcontrol devlist</userinput>
&lt;MATSHITA CDRW/DVD UJDA740 1.00&gt;   at scbus1 target 0 lun 0 (cd0,pass0)</screen>

      <para>Use the numeric values for <literal>scbus</literal>,
        <literal>target</literal>, and <literal>lun</literal>.  For
        this example, <literal>1,0,0</literal> is the device name to
        use.</para>
    </sect2>

    <sect2 xml:id="mkisofs">
      <title>Writing Data to an <acronym>ISO</acronym> File
        System</title>

      <para>In order to produce a data <acronym>CD</acronym>, the data
        files that are going to make up the tracks on the
        <acronym>CD</acronym> must be prepared before they can be
        burned to the <acronym>CD</acronym>.  In &os;,
        <package>sysutils/cdrtools</package> installs
        <command>mkisofs</command>, which can be used to produce an
        <acronym>ISO</acronym> 9660 file system that is an image of a
        directory tree within a &unix; file system.  The simplest
        usage is to specify the name of the <acronym>ISO</acronym>
        file to create and the path to the files to place into the
        <acronym>ISO</acronym> 9660 file system:</para>

      <screen>&prompt.root; <userinput>mkisofs -o <replaceable>imagefile.iso</replaceable> <replaceable>/path/to/tree</replaceable></userinput></screen>

      <indexterm>
        <primary>file systems</primary>
        <secondary>ISO 9660</secondary>
      </indexterm>

      <para>This command maps the file names in the specified path to
        names that fit the limitations of the standard
        <acronym>ISO</acronym> 9660 file system, and will exclude
        files that do not meet the standard for <acronym>ISO</acronym>
        file systems.</para>

      <indexterm>
        <primary>file systems</primary>
        <secondary>Joliet</secondary>
      </indexterm>

      <para>A number of options are available to overcome the
        restrictions imposed by the standard.  In particular,
        <option>-R</option> enables the Rock Ridge extensions common
        to &unix; systems and <option>-J</option> enables Joliet
        extensions used by &microsoft; systems.</para>

      <para>For <acronym>CD</acronym>s that are going to be used only
        on &os; systems, <option>-U</option> can be used to disable
        all filename restrictions.  When used with
        <option>-R</option>, it produces a file system image that is
        identical to the specified &os; tree, even if it violates the
        <acronym>ISO</acronym> 9660 standard.</para>

      <indexterm>
        <primary><acronym>CD-ROM</acronym>s</primary>
        <secondary>creating bootable</secondary>
      </indexterm>

      <para>The last option of general use is <option>-b</option>.
        This is used to specify the location of a boot image for use
        in producing an <quote>El Torito</quote> bootable
        <acronym>CD</acronym>.  This option takes an argument which is
        the path to a boot image from the top of the tree being
        written to the <acronym>CD</acronym>.  By default,
        <command>mkisofs</command> creates an <acronym>ISO</acronym>
        image in <quote>floppy disk emulation</quote> mode, and thus
        expects the boot image to be exactly 1200, 1440 or
        2880&nbsp;KB in size.  Some boot loaders, like the one used by
        the &os; distribution media, do not use emulation mode.  In
        this case, <option>-no-emul-boot</option> should be used.  So,
        if <filename>/tmp/myboot</filename> holds a bootable &os;
        system with the boot image in
        <filename>/tmp/myboot/boot/cdboot</filename>, this command
        would produce
        <filename>/tmp/bootable.iso</filename>:</para>

      <screen>&prompt.root; <userinput>mkisofs -R -no-emul-boot -b boot/cdboot -o /tmp/bootable.iso /tmp/myboot</userinput></screen>

      <para>The resulting <acronym>ISO</acronym> image can be mounted
        as a memory disk with:</para>

      <screen>&prompt.root; <userinput>mdconfig -a -t vnode -f /tmp/bootable.iso -u 0</userinput>
&prompt.root; <userinput>mount -t cd9660 /dev/md0 /mnt</userinput></screen>

      <para>One can then verify that <filename>/mnt</filename> and
        <filename>/tmp/myboot</filename> are identical.</para>

      <para>There are many other options available for
        <command>mkisofs</command> to fine-tune its behavior.  Refer
        to &man.mkisofs.8; for details.</para>

      <note>
        <para>It is possible to copy a data <acronym>CD</acronym> to
          an image file that is functionally equivalent to the image
          file created with <command>mkisofs</command>.  To do so, use
          <filename>dd</filename> with the device name as the input
          file and the name of the <acronym>ISO</acronym> to create as
          the output file:</para>

        <screen>&prompt.root; <userinput>dd if=/dev/<replaceable>cd0</replaceable> of=<replaceable>file.iso</replaceable> bs=2048</userinput></screen>

        <para>The resulting image file can be burned to
          <acronym>CD</acronym> as described in <xref
            linkend="cdrecord"/>.</para>
      </note>
    </sect2>

    <sect2 xml:id="mounting-cd">
      <title>Using Data <acronym>CD</acronym>s</title>

      <para>Once an <acronym>ISO</acronym> has been burned to a
        <acronym>CD</acronym>, it can be mounted by specifying the
        file system type, the name of the device containing the
        <acronym>CD</acronym>, and an existing mount point:</para>

      <screen>&prompt.root; <userinput>mount -t cd9660 <replaceable>/dev/cd0</replaceable> <replaceable>/mnt</replaceable></userinput></screen>

      <para>Since <command>mount</command> assumes that a file system
        is of type <literal>ufs</literal>, a <errorname>Incorrect
          super block</errorname> error will occur if <literal>-t
          cd9660</literal> is not included when mounting a data
        <acronym>CD</acronym>.</para>

      <para>While any data <acronym>CD</acronym> can be mounted this
        way, disks with certain <acronym>ISO</acronym> 9660 extensions
        might behave oddly.  For example, Joliet disks store all
        filenames in two-byte Unicode characters.  If some non-English
        characters show up as question marks, specify the local
        charset with <option>-C</option>.  For more information, refer
        to &man.mount.cd9660.8;.</para>

      <note>
        <para>In order to do this character conversion with the help
          of <option>-C</option>, the kernel requires the
          <filename>cd9660_iconv.ko</filename> module to be loaded.
          This can be done either by adding this line to
          <filename>loader.conf</filename>:</para>

        <programlisting>cd9660_iconv_load="YES"</programlisting>

        <para>and then rebooting the machine, or by directly loading
          the module with <command>kldload</command>.</para>
      </note>

      <para>Occasionally, <errorname>Device not configured</errorname>
        will be displayed when trying to mount a data
        <acronym>CD</acronym>.  This usually means that the
        <acronym>CD</acronym> drive has not detected a disk in
        the tray, or that the drive is not visible on the bus.  It
        can take a couple of seconds for a <acronym>CD</acronym>
        drive to detect media, so be
        patient.</para>

      <para>Sometimes, a <acronym>SCSI</acronym>
        <acronym>CD</acronym> drive may be missed because it did not
        have enough time to answer the bus reset.  To resolve this,
        a custom kernel can be created which increases the default
        <acronym>SCSI</acronym> delay.  Add the following option to
        the custom kernel configuration file and rebuild the kernel
        using the instructions in <xref
          linkend="kernelconfig-building"/>:</para>

      <programlisting>options SCSI_DELAY=15000</programlisting>

      <para>This tells the <acronym>SCSI</acronym> bus to pause 15
        seconds during boot, to give the <acronym>CD</acronym>
        drive every possible chance to answer the bus reset.</para>

      <note>
        <para>It is possible to burn a file directly to
          <acronym>CD</acronym>, without creating an
          <acronym>ISO</acronym> 9660 file system.  This is known as
          burning a raw data <acronym>CD</acronym> and some people do
          this for backup purposes.</para>

        <para>This type of disk can not be mounted as a normal data
          <acronym>CD</acronym>.  In order to retrieve the data burned
          to such a <acronym>CD</acronym>, the data must be read from
          the raw device node.  For example, this command will extract
          a compressed tar file located on the second
          <acronym>CD</acronym> device into the current working
          directory:</para>

        <screen>&prompt.root; <userinput>tar xzvf /dev/<replaceable>cd1</replaceable></userinput></screen>

        <para>  In order to mount a data <acronym>CD</acronym>, the
          data must be written using
          <command>mkisofs</command>.</para>
      </note>
    </sect2>

    <sect2 xml:id="duplicating-audiocds">
      <title>Duplicating Audio <acronym>CD</acronym>s</title>

      <para>To duplicate an audio <acronym>CD</acronym>, extract the
        audio data from the <acronym>CD</acronym> to a series of
        files, then write these files to a blank
        <acronym>CD</acronym>.</para>

      <para><xref linkend="using-cdrecord"/> describes how to
        duplicate and burn an audio <acronym>CD</acronym>.  If the
        &os; version is less than 10.0 and the device is
        <acronym>ATAPI</acronym>, the <option>atapicam</option> module
        must be first loaded using the instructions in <xref
          linkend="atapicam"/>.</para>

      <procedure xml:id="using-cdrecord">
        <title>Duplicating an Audio <acronym>CD</acronym></title>

        <step>
          <para>The <package>sysutils/cdrtools</package> package or
            port installs <command>cdda2wav</command>.  This command
            can be used to extract all of the audio tracks, with each
            track written to a separate <acronym>WAV</acronym> file in
            the current working directory:</para>

          <screen>&prompt.user; <userinput>cdda2wav -vall -B -Owav</userinput></screen>

          <para>A device name does not need to be specified if there
            is only one <acronym>CD</acronym> device on the system.
            Refer to the <command>cdda2wav</command> manual page for
            instructions on how to specify a device and to learn more
            about the other options available for this command.</para>
        </step>

        <step>
          <para>Use <command>cdrecord</command> to write the
            <filename>.wav</filename> files:</para>

          <screen>&prompt.user; <userinput>cdrecord -v dev=<replaceable>2,0</replaceable> -dao -useinfo  *.wav</userinput></screen>

          <para>Make sure that <replaceable>2,0</replaceable> is set
            appropriately, as described in <xref
              linkend="cdrecord"/>.</para>
        </step>
      </procedure>
    </sect2>
  </sect1>

  <sect1 xml:id="creating-dvds">
    <info>
      <title>Creating and Using <acronym>DVD</acronym> Media</title>

      <authorgroup>
        <author>
          <personname>
            <firstname>Marc</firstname>
            <surname>Fonvieille</surname>
          </personname>
          <contrib>Contributed by </contrib>
        </author>
      </authorgroup>
      <authorgroup>
        <author>
          <personname>
            <firstname>Andy</firstname>
            <surname>Polyakov</surname>
          </personname>
          <contrib>With inputs from </contrib>
        </author>
      </authorgroup>
    </info>

    <indexterm>
      <primary><acronym>DVD</acronym></primary>
      <secondary>burning</secondary>
    </indexterm>

    <para>Compared to the <acronym>CD</acronym>, the
      <acronym>DVD</acronym> is the next generation of optical media
      storage technology.  The <acronym>DVD</acronym> can hold more
      data than any <acronym>CD</acronym> and is the standard for
      video publishing.</para>

    <para>Five physical recordable formats can be defined for a
      recordable <acronym>DVD</acronym>:</para>

    <itemizedlist>
      <listitem>
        <para>DVD-R: This was the first <acronym>DVD</acronym>
          recordable format available.  The DVD-R standard is defined
          by the <link
            xlink:href="http://www.dvdforum.org/forum.shtml"><acronym>DVD</acronym>
            Forum</link>.  This format is write once.</para>
      </listitem>

      <listitem>
        <para><acronym>DVD-RW</acronym>: This is the rewritable
          version of the DVD-R standard.  A
          <acronym>DVD-RW</acronym> can be rewritten about 1000
          times.</para>
      </listitem>

      <listitem>
        <para><acronym>DVD-RAM</acronym>: This is a rewritable format
          which can be seen as a removable hard drive.  However, this
          media is not compatible with most
          <acronym>DVD-ROM</acronym> drives and DVD-Video players as
          only a few <acronym>DVD</acronym> writers support the
          <acronym>DVD-RAM</acronym> format.  Refer to <xref
            linkend="creating-dvd-ram"/> for more information on
          <acronym>DVD-RAM</acronym> use.</para>
      </listitem>

      <listitem>
        <para><acronym>DVD+RW</acronym>: This is a rewritable format
          defined by the <link
            xlink:href="https://en.wikipedia.org/wiki/DVD%2BRW_Alliance">
            <acronym>DVD+RW</acronym> Alliance</link>.  A
          <acronym>DVD+RW</acronym> can be rewritten about 1000
            times.</para>
      </listitem>

      <listitem>
        <para>DVD+R: This format is the write once variation of the
          <acronym>DVD+RW</acronym> format.</para>
      </listitem>
    </itemizedlist>

    <para>A single layer recordable <acronym>DVD</acronym> can hold up
      to 4,700,000,000&nbsp;bytes which is actually 4.38&nbsp;GB or
      4485&nbsp;MB as 1 kilobyte is 1024 bytes.</para>

    <note>
      <para>A distinction must be made between the physical media and
        the application.  For example, a DVD-Video is a specific file
        layout that can be written on any recordable
        <acronym>DVD</acronym> physical media such as DVD-R, DVD+R, or
        <acronym>DVD-RW</acronym>.  Before choosing the type of media,
        ensure that both the burner and the DVD-Video player are
        compatible with the media under consideration.</para>
    </note>

    <sect2>
      <title>Configuration</title>

      <para>To perform <acronym>DVD</acronym> recording, use
        &man.growisofs.1;.  This command is part of the
        <package>sysutils/dvd+rw-tools</package> utilities which
        support all <acronym>DVD</acronym> media types.</para>

      <para>These tools use the <acronym>SCSI</acronym> subsystem to
        access the devices, therefore <link
          linkend="atapicam">ATAPI/CAM support</link> must be loaded
        or statically compiled into the kernel.  This support is not
        needed if the burner uses the <acronym>USB</acronym>
        interface.  Refer to <xref linkend="usb-disks"/> for more
        details on <acronym>USB</acronym> device configuration.</para>

      <para>DMA access must also be enabled for
        <acronym>ATAPI</acronym> devices, by adding the following line
        to <filename>/boot/loader.conf</filename>:</para>

      <programlisting>hw.ata.atapi_dma="1"</programlisting>

      <para>Before attempting to use
        <application>dvd+rw-tools</application>, consult the <link
          xlink:href="http://fy.chalmers.se/~appro/linux/DVD+RW/hcn.html">Hardware
          Compatibility Notes</link>.</para>

      <note>
        <para>For a graphical user interface, consider using
          <package>sysutils/k3b</package> which provides a user
          friendly interface to &man.growisofs.1; and many other
          burning tools.</para>
      </note>
    </sect2>

    <sect2>
      <title>Burning Data <acronym>DVD</acronym>s</title>

      <para>Since &man.growisofs.1; is a front-end to <link
          linkend="mkisofs">mkisofs</link>, it will invoke
        &man.mkisofs.8; to create the file system layout and perform
        the write on the <acronym>DVD</acronym>.  This means that an
        image of the data does not need to be created before the
        burning process.</para>

      <para>To burn to a DVD+R or a DVD-R the data in
        <filename>/path/to/data</filename>, use the following
        command:</para>

      <screen>&prompt.root; <userinput>growisofs -dvd-compat -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>

      <para>In this example, <option>-J -R</option> is passed to
        &man.mkisofs.8;  to create an ISO 9660 file system with Joliet
        and Rock Ridge extensions.  Refer to &man.mkisofs.8; for more
        details.</para>

      <para>For the initial session recording, <option>-Z</option> is
        used for both single and multiple sessions.  Replace
        <replaceable>/dev/cd0</replaceable>, with the name of the
        <acronym>DVD</acronym> device.  Using
        <option>-dvd-compat</option> indicates that the disk will be
        closed and that the recording will be unappendable.  This
        should also provide better media compatibility with
        <acronym>DVD-ROM</acronym> drives.</para>

      <para>To burn a pre-mastered image, such as
        <replaceable>imagefile.iso</replaceable>, use:</para>

      <screen>&prompt.root; <userinput>growisofs -dvd-compat -Z <replaceable>/dev/cd0</replaceable>=<replaceable>imagefile.iso</replaceable></userinput></screen>

      <para>The write speed should be detected and automatically set
        according to the media and the drive being used.  To force the
        write speed, use  <option>-speed=</option>.  Refer to
        &man.growisofs.1; for example usage.</para>

      <note>
        <para>In order to support working files larger than 4.38GB, an
          UDF/ISO-9660 hybrid file system must be created by passing
          <option>-udf -iso-level 3</option> to &man.mkisofs.8; and
          all related programs, such as &man.growisofs.1;.  This is
          required only when creating an ISO image file or when
          writing files directly to a disk.  Since a disk created this
          way must be mounted as an UDF file system with
          &man.mount.udf.8;, it will be usable only on an UDF aware
          operating system.  Otherwise it will look as if it contains
          corrupted files.</para>

        <para>To create this type of ISO file:</para>

        <screen>&prompt.user; <userinput>mkisofs -R -J -udf -iso-level 3 -o <replaceable>imagefile.iso</replaceable> <replaceable>/path/to/data</replaceable></userinput></screen>

        <para>To burn files directly to a disk:</para>

        <screen>&prompt.root; <userinput>growisofs -dvd-compat -udf -iso-level 3 -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>

        <para>When an ISO image already contains large files, no
          additional options are required for &man.growisofs.1; to
          burn that image on a disk.</para>

        <para>Be sure to use an up-to-date version of
          <package>sysutils/cdrtools</package>, which contains
          &man.mkisofs.8;, as an older version may not contain large
          files support.  If the latest version does not work, install
          <package>sysutils/cdrtools-devel</package> and read its
          &man.mkisofs.8;.</para>
      </note>
    </sect2>

    <sect2>
      <title>Burning a <acronym>DVD</acronym>-Video</title>

      <indexterm>
        <primary><acronym>DVD</acronym></primary>
        <secondary>DVD-Video</secondary>
      </indexterm>

      <para>A DVD-Video is a specific file layout based on the ISO
        9660 and micro-UDF (M-UDF) specifications.  Since DVD-Video
        presents a specific data structure hierarchy, a particular
        program such as <package>multimedia/dvdauthor</package> is
        needed to author the <acronym>DVD</acronym>.</para>

      <para>If an image of the DVD-Video file system already exists,
        it can be burned in the same way as any other image.  If
        <command>dvdauthor</command> was used to make the
        <acronym>DVD</acronym> and the result is in
        <filename>/path/to/video</filename>, the following command
        should be used to burn the DVD-Video:</para>

      <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -dvd-video <replaceable>/path/to/video</replaceable></userinput></screen>

      <para><option>-dvd-video</option> is passed to &man.mkisofs.8;
        to instruct it to create a DVD-Video file system layout.
        This option implies the <option>-dvd-compat</option>
        &man.growisofs.1; option.</para>
    </sect2>

    <sect2>
      <title>Using a <acronym>DVD+RW</acronym></title>

      <indexterm>
        <primary><acronym>DVD</acronym></primary>
        <secondary><acronym>DVD+RW</acronym></secondary>
      </indexterm>

      <para>Unlike CD-RW, a virgin <acronym>DVD+RW</acronym> needs to
        be formatted before first use.  It is
        <emphasis>recommended</emphasis> to let &man.growisofs.1; take
        care of this automatically whenever appropriate.  However, it
        is possible to use <command>dvd+rw-format</command> to format
        the <acronym>DVD+RW</acronym>:</para>

      <screen>&prompt.root; <userinput>dvd+rw-format <replaceable>/dev/cd0</replaceable></userinput></screen>

      <para>Only perform this operation once and keep in mind that
        only virgin <acronym>DVD+RW</acronym> medias need to be
        formatted.  Once formatted, the <acronym>DVD+RW</acronym> can
        be burned as usual.</para>

      <para>To burn a totally new file system and not just append some
        data onto a <acronym>DVD+RW</acronym>, the media does not need
        to be blanked first.  Instead, write over the previous
        recording like this:</para>

      <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/newdata</replaceable></userinput></screen>

      <para>The <acronym>DVD+RW</acronym> format supports appending
        data to a previous recording.  This operation consists of
        merging a new session to the existing one as it is not
        considered to be multi-session writing.  &man.growisofs.1;
        will <emphasis>grow</emphasis> the ISO 9660 file system
        present on the media.</para>

      <para>For example, to append data to a
        <acronym>DVD+RW</acronym>, use the following:</para>

      <screen>&prompt.root; <userinput>growisofs -M <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/nextdata</replaceable></userinput></screen>

      <para>The same &man.mkisofs.8; options used to burn the
        initial session should be used during next writes.</para>

      <note>
        <para>Use <option>-dvd-compat</option> for better media
          compatibility with <acronym>DVD-ROM</acronym> drives.  When
          using <acronym>DVD+RW</acronym>, this option will not
          prevent the addition of data.</para>
      </note>

      <para>To blank the media, use:</para>

      <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable>=<replaceable>/dev/zero</replaceable></userinput></screen>
    </sect2>

    <sect2>
      <title>Using a <acronym>DVD-RW</acronym></title>

      <indexterm>
        <primary><acronym>DVD</acronym></primary>
        <secondary><acronym>DVD-RW</acronym></secondary>
      </indexterm>

      <para>A <acronym>DVD-RW</acronym> accepts two disc formats:
        incremental sequential and restricted overwrite.  By default,
        <acronym>DVD-RW</acronym> discs are in sequential
        format.</para>

      <para>A virgin <acronym>DVD-RW</acronym> can be directly written
        without being formatted.  However, a non-virgin
        <acronym>DVD-RW</acronym> in sequential format needs to be
        blanked before writing a new initial session.</para>

      <para>To blank a <acronym>DVD-RW</acronym> in sequential
        mode:</para>

      <screen>&prompt.root; <userinput>dvd+rw-format -blank=full <replaceable>/dev/cd0</replaceable></userinput></screen>

      <note>
        <para>A full blanking using <option>-blank=full</option> will
          take about one hour on a 1x media.  A fast blanking can be
          performed using <option>-blank</option>, if the
          <acronym>DVD-RW</acronym> will be recorded in Disk-At-Once
          (DAO) mode.  To burn the <acronym>DVD-RW</acronym> in DAO
          mode, use the command:</para>

        <screen>&prompt.root; <userinput>growisofs -use-the-force-luke=dao -Z <replaceable>/dev/cd0</replaceable>=<replaceable>imagefile.iso</replaceable></userinput></screen>

        <para>Since &man.growisofs.1; automatically attempts to detect
          fast blanked media and engage DAO write,
          <option>-use-the-force-luke=dao</option> should not be
          required.</para>

        <para>One should instead use restricted overwrite mode with
          any <acronym>DVD-RW</acronym> as this format is more
          flexible than the default of incremental sequential.</para>
      </note>

      <para>To write data on a sequential <acronym>DVD-RW</acronym>,
        use the same instructions as for the other
        <acronym>DVD</acronym> formats:</para>

      <screen>&prompt.root; <userinput>growisofs -Z <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/data</replaceable></userinput></screen>

      <para>To append some data to a previous recording, use
        <option>-M</option> with &man.growisofs.1;.  However, if data
        is appended on a <acronym>DVD-RW</acronym> in incremental
        sequential mode, a new session will be created on the disc and
        the result will be a multi-session disc.</para>

      <para>A <acronym>DVD-RW</acronym> in restricted overwrite format
        does not need to be blanked before a new initial session.
        Instead, overwrite the disc with <option>-Z</option>.  It is
        also possible to grow an existing ISO 9660 file system written
        on the disc with <option>-M</option>.  The result will be a
        one-session <acronym>DVD</acronym>.</para>

      <para>To put a <acronym>DVD-RW</acronym> in restricted overwrite
        format, the following command must be used:</para>

      <screen>&prompt.root; <userinput>dvd+rw-format <replaceable>/dev/cd0</replaceable></userinput></screen>

      <para>To change back to sequential format, use:</para>

      <screen>&prompt.root; <userinput>dvd+rw-format -blank=full <replaceable>/dev/cd0</replaceable></userinput></screen>
    </sect2>

    <sect2>
      <title>Multi-Session</title>

      <para>Few <acronym>DVD-ROM</acronym> drives support
        multi-session DVDs and most of the time only read the first
        session.  DVD+R, DVD-R and <acronym>DVD-RW</acronym> in
        sequential format can accept multiple sessions.  The notion
        of multiple sessions does not exist for the
        <acronym>DVD+RW</acronym> and the <acronym>DVD-RW</acronym>
        restricted overwrite formats.</para>

      <para>Using the following command after an initial non-closed
        session on a DVD+R, DVD-R, or <acronym>DVD-RW</acronym> in
        sequential format, will add a new session to the disc:</para>

      <screen>&prompt.root; <userinput>growisofs -M <replaceable>/dev/cd0</replaceable> -J -R <replaceable>/path/to/nextdata</replaceable></userinput></screen>

      <para>Using this command with a <acronym>DVD+RW</acronym> or a
        <acronym>DVD-RW</acronym> in restricted overwrite mode will
        append data while merging the new session to the existing one.
        The result will be a single-session disc.  Use this method to
        add data after an initial write on these types of
        media.</para>

      <note>
        <para>Since some space on the media is used between each
          session to mark the end and start of sessions, one should
          add sessions with a large amount of data to optimize media
          space.  The number of sessions is limited to 154 for a
          DVD+R, about 2000 for a DVD-R, and 127 for a DVD+R Double
          Layer.</para>
      </note>
    </sect2>

    <sect2>
      <title>For More Information</title>

      <para>To obtain more information about a <acronym>DVD</acronym>,
        use <command>dvd+rw-mediainfo
          <replaceable>/dev/cd0</replaceable></command> while the
        disc in the specified drive.</para>

      <para>More information about
        <application>dvd+rw-tools</application> can be found in
        &man.growisofs.1;, on the <link
          xlink:href="http://fy.chalmers.se/~appro/linux/DVD+RW/">dvd+rw-tools
          web site</link>, and in the <link
          xlink:href="http://lists.debian.org/cdwrite/">cdwrite
          mailing list</link> archives.</para>

      <note>
        <para>When creating a problem report related to the use of
          <application>dvd+rw-tools</application>, always include the
          output of <command>dvd+rw-mediainfo</command>.</para>
      </note>
    </sect2>

    <sect2 xml:id="creating-dvd-ram">
      <title>Using a <acronym>DVD-RAM</acronym></title>

      <indexterm>
        <primary><acronym>DVD</acronym></primary>
        <secondary><acronym>DVD-RAM</acronym></secondary>
      </indexterm>

      <para><acronym>DVD-RAM</acronym> writers can use either a
        <acronym>SCSI</acronym> or <acronym>ATAPI</acronym> interface.
        For <acronym>ATAPI</acronym> devices, DMA access has to be
        enabled by adding the following line to
        <filename>/boot/loader.conf</filename>:</para>

      <programlisting>hw.ata.atapi_dma="1"</programlisting>

      <para>A <acronym>DVD-RAM</acronym> can be seen as a removable
        hard drive.  Like any other hard drive, the
        <acronym>DVD-RAM</acronym> must be formatted before it can be
        used.  In this example, the whole disk space will be formatted
        with a standard UFS2 file system:</para>

      <screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>/dev/acd0</replaceable> bs=2k count=1</userinput>
&prompt.root; <userinput>bsdlabel -Bw <replaceable>acd0</replaceable></userinput>
&prompt.root; <userinput>newfs <replaceable>/dev/acd0</replaceable></userinput></screen>

      <para>The <acronym>DVD</acronym> device,
        <filename>acd0</filename>, must be changed according to the
        configuration.</para>

      <para>Once the <acronym>DVD-RAM</acronym> has been formatted, it
        can be mounted as a normal hard drive:</para>

      <screen>&prompt.root; <userinput>mount <replaceable>/dev/acd0</replaceable> <replaceable>/mnt</replaceable></userinput></screen>

      <para>Once mounted, the <acronym>DVD-RAM</acronym> will be both
        readable and writeable.</para>
    </sect2>
  </sect1>

  <sect1 xml:id="floppies">
    <title>Creating and Using Floppy Disks</title>

<!--
      <authorgroup>
        <author>
          <personname>
            <firstname>Julio</firstname>
            <surname>Merino</surname>
          </personname>
          <contrib>Original work by </contrib>
        </author>
      </authorgroup>

      <authorgroup>
        <author>
          <personname>
            <firstname>Martin</firstname>
            <surname>Karlsson</surname>
          </personname>
          <contrib>Rewritten by </contrib>
        </author>
      </authorgroup>
      -->

    <para>This section explains how to format a 3.5 inch floppy disk
      in &os;.</para>

    <procedure>
      <title>Steps to Format a Floppy</title>

      <para>A floppy disk needs to be low-level formatted before it
        can be used.  This is usually done by the vendor, but
        formatting is a good way to check media integrity.  To
        low-level format the floppy disk on &os;, use
        &man.fdformat.1;.  When using this utility, make note of any
        error messages, as these can help determine if the disk is
        good or bad.</para>

      <step>
        <para>To format the floppy, insert a new 3.5 inch floppy disk
          into the first floppy drive and issue:</para>

          <screen>&prompt.root; <userinput>/usr/sbin/fdformat -f 1440 /dev/fd0</userinput></screen>
      </step>

      <step>
        <para>After low-level formatting the disk, create a disk label
          as it is needed by the system to determine the size of the
          disk and its geometry.  The supported geometry values are
          listed in <filename>/etc/disktab</filename>.</para>

        <para>To write the disk label, use &man.bsdlabel.8;:</para>

        <screen>&prompt.root; <userinput>/sbin/bsdlabel -B -w /dev/fd0 fd1440</userinput></screen>
      </step>

      <step>
        <para>The floppy is now ready to be high-level formatted with
          a file system.  The floppy's file system can be either UFS
          or FAT, where FAT is generally a better choice for
          floppies.</para>

        <para>To format the floppy with FAT, issue:</para>

        <screen>&prompt.root; <userinput>/sbin/newfs_msdos /dev/fd0</userinput></screen>
      </step>
    </procedure>

    <para>The disk is now ready for use.  To use the floppy, mount it
      with &man.mount.msdosfs.8;.  One can also install and use
      <package>emulators/mtools</package> from the Ports
      Collection.</para>
  </sect1>

  <sect1 xml:id="backup-basics">
    <title>Backup Basics</title>

<!--
    <authorgroup>
        <author>
          <personname>
            <firstname>Lowell</firstname>
            <surname>Gilbert</surname>
          </personname>
          <contrib>Original work by </contrib>
        </author>
      </authorgroup>
      -->

    <para>Implementing a backup plan is essential in order to have the
      ability to recover from disk failure, accidental file deletion,
      random file corruption, or complete machine destruction,
      including destruction of on-site backups.</para>

    <para>The backup type and schedule will vary, depending upon the
      importance of the data, the granularity needed for file
      restores, and the amount of acceptable downtime.  Some possible
      backup techniques include:</para>

    <itemizedlist>
      <listitem>
        <para>Archives of the whole system, backed up onto permanent,
          off-site media.  This provides protection against all of the
          problems listed above, but is slow and inconvenient to
          restore from, especially for non-privileged users.</para>
      </listitem>

      <listitem>
        <para>File system snapshots, which are useful for restoring
          deleted files or previous versions of files.</para>
      </listitem>

      <listitem>
        <para>Copies of whole file systems or disks which are
          synchronized with another system on the network using a
          scheduled <package>net/rsync</package>.</para>
      </listitem>

      <listitem>
        <para>Hardware or software <acronym>RAID</acronym>, which
          minimizes or avoids downtime when a disk fails.</para>
      </listitem>
    </itemizedlist>

    <para>Typically, a mix of backup techniques is used.  For
      example, one could create a schedule to automate a weekly, full
      system backup that is stored off-site and to supplement this
      backup with hourly ZFS snapshots.  In addition, one could make a
      manual backup of individual directories or files before making
      file edits or deletions.</para>

    <para>This section describes some of the utilities which can be
      used to create and manage backups on a &os; system.</para>

    <sect2>
      <title>File System Backups</title>

      <indexterm>
        <primary>backup software</primary>
        <secondary>dump / restore</secondary>
      </indexterm>
      <indexterm>
        <primary><command>dump</command></primary>
      </indexterm>
      <indexterm>
        <primary><command>restore</command></primary>
      </indexterm>

      <para>The traditional &unix; programs for backing up a file
        system are &man.dump.8;, which creates the backup, and
        &man.restore.8;, which restores the backup.  These utilities
        work at the disk block level, below the abstractions of the
        files, links, and directories that are created by file
        systems.  Unlike other backup software,
        <command>dump</command> backs up an entire file system and is
        unable to backup only part of a file system or a directory
        tree that spans multiple file systems.  Instead of writing
        files and directories, <command>dump</command> writes the raw
        data blocks that comprise files and directories.</para>

      <note>
        <para>If <command>dump</command> is used on the root
          directory, it will not back up <filename>/home</filename>,
          <filename>/usr</filename> or many other directories since
          these are typically mount points for other file systems or
          symbolic links into those file systems.</para>
      </note>

      <para>When used to restore data, <command>restore</command>
        stores temporary files in <filename>/tmp/</filename> by
        default.  When using a recovery disk with a small
        <filename>/tmp</filename>, set <envar>TMPDIR</envar> to a
        directory with more free space in order for the restore to
        succeed.</para>

      <para>When using <command>dump</command>, be aware that some
        quirks remain from its early days in Version 6 of
        AT&amp;T &unix;,circa 1975.  The default parameters assume a
        backup to a 9-track tape, rather than to another type of media
        or to the high-density tapes available today.  These defaults
        must be overridden on the command line.</para>

      <indexterm>
        <primary><filename>.rhosts</filename></primary>
      </indexterm>
      <para>It is possible to backup a file system across the network
        to a another system or to a tape drive attached to another
        computer.  While the &man.rdump.8; and &man.rrestore.8;
        utilities can be used for this purpose, they are not
        considered to be secure.</para>

      <para>Instead, one can use <command>dump</command> and
        <command>restore</command> in a more secure fashion over an
        <acronym>SSH</acronym> connection.  This example creates a
        full, compressed backup of <filename>/usr</filename> and sends
        the backup file to the specified host over a
        <acronym>SSH</acronym> connection.</para>

      <example>
        <title>Using <command>dump</command> over
          <application>ssh</application></title>

        <screen>&prompt.root; <userinput>/sbin/dump -0uan -f - /usr | gzip -2 | ssh -c blowfish \
          targetuser@targetmachine.example.com dd of=/mybigfiles/dump-usr-l0.gz</userinput></screen>
      </example>

      <para>This example sets <envar>RSH</envar> in order to write the
        backup to a tape drive on a remote system over a
        <acronym>SSH</acronym> connection:</para>

      <example>
        <title>Using <command>dump</command> over
          <application>ssh</application> with <envar>RSH</envar>
          Set</title>

        <screen>&prompt.root; <userinput>env RSH=/usr/bin/ssh /sbin/dump -0uan -f targetuser@targetmachine.example.com:/dev/sa0 /usr</userinput></screen>
      </example>
    </sect2>

    <sect2>
      <title>Directory Backups</title>

      <indexterm>
        <primary>backup software</primary>
        <secondary><command>tar</command></secondary>
      </indexterm>

      <para>Several built-in utilities are available for backing up
        and restoring specified files and directories as
        needed.</para>

      <para>A good choice for making a backup of all of the files in a
        directory is &man.tar.1;.  This utility dates back to Version
        6 of AT&amp;T &unix; and by default assumes a recursive backup
        to a local tape  device.  Switches can be used to instead
        specify the name of a backup file.</para>

      <indexterm><primary><command>tar</command></primary></indexterm>

      <para>This example creates a compressed backup of the current
        directory and saves it to
        <filename>/tmp/mybackup.tgz</filename>.  When creating a
        backup file, make sure that the backup is not saved to the
        same directory that is being backed up.</para>

      <example>
        <title>Backing Up the Current Directory with
          <command>tar</command></title>

      <screen>&prompt.root; <userinput>tar czvf <replaceable>/tmp/mybackup.tgz</replaceable> . </userinput></screen>
      </example>

      <para>To restore the entire backup, <command>cd</command> into
        the directory to restore into and specify the name of the
        backup.  Note that this will overwrite any newer versions of
        files in the restore directory.  When in doubt, restore to a
        temporary directory or specify the name of the file within the
        backup to restore.</para>

      <example>
        <title>Restoring Up the Current Directory with
          <command>tar</command></title>

      <screen>&prompt.root; <userinput>tar xzvf <replaceable>/tmp/mybackup.tgz</replaceable></userinput></screen>
      </example>

      <para>There are dozens of available switches which are described
        in &man.tar.1;.  This utility also supports the use of exclude
        patterns to specify which files should not be included when
        backing up the specified directory or restoring files from a
        backup.</para>

      <indexterm>
        <primary>backup software</primary>
        <secondary><command>cpio</command></secondary>
      </indexterm>

      <para>To create a backup using a specified list of files and
        directories, &man.cpio.1; is a good choice.  Unlike
        <command>tar</command>, <command>cpio</command> does not know
        how to walk the directory tree and it must be provided the
        list of files to backup.</para>

      <para>For example, a list of files can be created using
        <command>ls</command> or <command>find</command>.  This
        example creates a recursive listing of the current directory
        which is then piped to  <command>cpio</command> in order to
        create an output backup file named
        <filename>/tmp/mybackup.cpio</filename>.</para>

      <example>
        <title>Using <command>ls</command> and <command>cpio</command>
          to Make a Recursive Backup of the Current Directory</title>

      <screen>&prompt.root; <userinput>ls -R | cpio -ovF <replaceable>/tmp/mybackup.cpio</replaceable></userinput></screen>
      </example>

      <indexterm>
        <primary>backup software</primary>
        <secondary><command>pax</command></secondary>
      </indexterm>
      <indexterm><primary><command>pax</command></primary></indexterm>
      <indexterm><primary>POSIX</primary></indexterm>
      <indexterm><primary>IEEE</primary></indexterm>

      <para>A backup utility which tries to bridge the features
        provided by <command>tar</command> and <command>cpio</command>
        is &man.pax.1;.  Over the years, the various versions of
        <command>tar</command> and <command>cpio</command> became
        slightly incompatible.  &posix; created <command>pax</command>
        which attempts to read and write many of the various
        <command>cpio</command> and <command>tar</command> formats,
        plus new formats of its own.</para>

      <para>The <command>pax</command> equivalent to the previous
        examples would be:</para>

      <example>
        <title>Backing Up the Current Directory with
          <command>pax</command></title>

      <screen>&prompt.root; <userinput>pax -wf <replaceable>/tmp/mybackup.pax</replaceable> .</userinput></screen>
      </example>
    </sect2>

    <sect2 xml:id="backups-tapebackups">
      <title>Using Data Tapes for Backups</title>

      <indexterm><primary>tape media</primary></indexterm>

      <para>While tape technology has continued to evolve, modern
        backup systems tend to combine off-site backups with local
        removable media.  &os; supports any tape drive that uses
        <acronym>SCSI</acronym>, such as <acronym>LTO</acronym> or
        <acronym>DAT</acronym>.  There is limited support for
        <acronym>SATA</acronym> and <acronym>USB</acronym> tape
        drives.</para>

      <para>For <acronym>SCSI</acronym> tape devices, &os; uses the
        &man.sa.4; driver and the <filename>/dev/sa0</filename>,
        <filename>/dev/nsa0</filename>, and
        <filename>/dev/esa0</filename> devices.  The physical device
        name is <filename>/dev/sa0</filename>.  When
        <filename>/dev/nsa0</filename> is used, the backup application
        will not rewind the tape after writing a file, which allows
        writing more than one file to a tape.  Using
        <filename>/dev/esa0</filename> ejects the tape after the
        device is closed.</para>

      <para>In &os;, <command>mt</command> is used to control
        operations of the tape drive, such as seeking through files on
        a tape or writing tape control marks to the tape.  For
        example, the first three files on a tape can be preserved by
        skipping past them before writing a new file:</para>

      <screen>&prompt.root; <userinput>mt -f /dev/nsa0 fsf 3</userinput></screen>

      <para>This utility supports many operations.  Refer to
        &man.mt.1; for details.</para>

      <para>To write a single file to tape using
        <command>tar</command>, specify the name of the tape device
        and the file to backup:</para>

      <screen>&prompt.root; <userinput>tar cvf /dev/sa0 <replaceable>file</replaceable></userinput></screen>

      <para>To recover files from a <command>tar</command> archive
        on tape into the current directory:</para>

      <screen>&prompt.root; <userinput>tar xvf /dev/sa0</userinput></screen>

      <para>To backup a <acronym>UFS</acronym> file system, use
        <command>dump</command>.  This examples backs up
        <filename>/usr</filename> without rewinding the tape when
        finished:</para>

      <screen>&prompt.root; <userinput>dump -0aL -b64 -f /dev/nsa0 /usr</userinput></screen>

      <para>To interactively restore files from a
        <command>dump</command> file on tape into the current
        directory:</para>

      <screen>&prompt.root; <userinput>restore -i -f /dev/nsa0</userinput></screen>
    </sect2>

    <sect2 xml:id="backups-programs-amanda">
      <title>Third-Party Backup Utilities</title>

      <indexterm>
        <primary>backup software</primary>
      </indexterm>

      <para>The &os; Ports Collection provides many third-party
        utilities which can be used to schedule the creation of
        backups, simplify tape backup, and make backups easier and
        more convenient.  Many of these applications are client/server
        based and can be used to automate the backups of a single
        system or all of the computers in a network.</para>

      <para>Popular utilities include
        <application>Amanda</application>,
        <application>Bacula</application>,
        <application>rsync</application>, and
        <application>duplicity</application>.</para>
    </sect2>

    <sect2>
      <title>Emergency Recovery</title>

      <para>In addition to regular backups, it is recommended to
        perform the following steps as part of an emergency
        preparedness plan.</para>

      <indexterm>
        <primary><command>bsdlabel</command></primary></indexterm>

      <para>Create a print copy of the output of the following
        commands:</para>

      <itemizedlist>
        <listitem>
          <para><command>gpart show</command></para>
        </listitem>

        <listitem>
          <para><command>more /etc/fstab</command></para>
        </listitem>

        <listitem>
          <para><command>dmesg</command></para>
        </listitem>
      </itemizedlist>

      <indexterm><primary>livefs
          <acronym>CD</acronym></primary></indexterm>

      <para>Store this printout and a copy of the installation media
        in a secure location.  Should an emergency restore be
        needed, boot into the installation media and select
        <literal>Live CD</literal> to access a rescue shell.  This
        rescue mode can be used to view the current state of the
        system, and if needed, to  reformat disks and restore data
        from backups.</para>

      <note>
        <para>The installation media for
          &os;/&arch.i386;&nbsp;&rel2.current;-RELEASE does not
          include a rescue shell.  For this version, instead
          download and burn a Livefs <acronym>CD</acronym> image from
          <uri
            xlink:href="ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/&arch.i386;/ISO-IMAGES/&rel2.current;/&os;-&rel2.current;-RELEASE-&arch.i386;-livefs.iso">ftp://ftp.FreeBSD.org/pub/FreeBSD/releases/&arch.i386;/ISO-IMAGES/&rel2.current;/&os;-&rel2.current;-RELEASE-&arch.i386;-livefs.iso</uri>.</para>
      </note>

      <para>Next, test the rescue shell and the backups.  Make notes
        of the procedure.  Store these notes with the media, the
        printouts, and the backups.  These notes may prevent the
        inadvertent destruction of the backups while under the stress
        of performing an emergency recovery.</para>

      <para>For an added measure of security, store the latest backup
        at a remote location which is physically separated from the
        computers and disk drives by a significant distance.</para>
    </sect2>
  </sect1>

  <sect1 xml:id="disks-virtual">
    <info>
      <title>Memory Disks</title>

      <authorgroup>
        <author>
          <personname>
            <firstname>Marc</firstname>
            <surname>Fonvieille</surname>
          </personname>
          <contrib>Reorganized and enhanced by </contrib>
        </author>
      </authorgroup>
    </info>

    <para>In addition to physical disks, &os; also supports the
      creation and use of memory disks.  One possible use for a
      memory disk is to access the contents of an
      <acronym>ISO</acronym> file system without the overhead of first
      burning it to a <acronym>CD</acronym> or <acronym>DVD</acronym>,
      then mounting the <acronym>CD/DVD</acronym> media.</para>

    <para>In &os;, the  &man.md.4; driver is used to provide support
      for memory disks.  The <filename>GENERIC</filename> kernel
      includes this driver.  When using a custom kernel configuration
      file, ensure it includes this line:</para>

    <programlisting>device md</programlisting>

    <sect2 xml:id="disks-mdconfig">
      <title>Attaching and Detaching Existing Images</title>

      <indexterm>
        <primary>disks</primary>
        <secondary>memory</secondary>
      </indexterm>

      <para>To mount an existing file system image, use
        <command>mdconfig</command> to specify the name of the
        <acronym>ISO</acronym> file and a free unit number.  Then,
        refer to that unit number to mount it on an existing mount
        point.  Once mounted, the files in the <acronym>ISO</acronym>
        will appear in the mount point.  This example attaches
        <replaceable>diskimage.iso</replaceable> to the memory device
        <filename>/dev/md0</filename> then mounts that memory device
        on <filename>/mnt</filename>:</para>

      <screen>&prompt.root; <userinput>mdconfig -f <replaceable>diskimage.iso</replaceable> -u <replaceable>0</replaceable></userinput>
&prompt.root; <userinput>mount -t cd9660 /dev/md<replaceable>0</replaceable> <replaceable>/mnt</replaceable></userinput></screen>

      <para>Notice that <option>-t cd9660</option> was used to mount
        an ISO format.  If a unit number is not specified with
        <option>-u</option>, <command>mdconfig</command> will
        automatically allocate an unused memory device and output
        the name of the allocated unit, such as
        <filename>md4</filename>.  Refer to &man.mdconfig.8; for more
        details about this command and its options.</para>

      <indexterm>
        <primary>disks</primary>
        <secondary>detaching a memory disk</secondary>
      </indexterm>

      <para>When a memory disk is no longer in use, its resources
        should be released back to the system.  First, unmount the
        file system, then use <command>mdconfig</command> to detach
        the disk from the system and release its resources.  To
        continue this example:</para>

      <screen>&prompt.root; <userinput>umount /mnt</userinput>
&prompt.root; <userinput>mdconfig -d -u <replaceable>0</replaceable></userinput></screen>

      <para>To determine if any memory disks are still attached to the
        system, type <command>mdconfig -l</command>.</para>
    </sect2>

    <sect2 xml:id="disks-md-freebsd5">
      <title>Creating a File- or Memory-Backed Memory Disk</title>

      <indexterm>
        <primary>disks</primary>
        <secondary>memory file system</secondary>
      </indexterm>
      <para>&os; also supports memory disks where the storage to use
        is allocated from either a hard disk or an area of memory.
        The first method is commonly referred to as a file-backed file
        system and the second method as a memory-backed file system.
        Both types can be created using
        <command>mdconfig</command>.</para>

      <para>To create a new memory-backed file system, specify a type
        of <literal>swap</literal> and the size of the memory disk to
        create.  Then, format the memory disk with a file system and
        mount as usual.  This example creates a 5M memory disk on unit
        <literal>1</literal>.  That memory disk is then formatted with
        the <acronym>UFS</acronym> file system before it is
        mounted:</para>

      <screen>&prompt.root; <userinput>mdconfig -a -t swap -s <replaceable>5</replaceable>m -u <replaceable>1</replaceable></userinput>
&prompt.root; <userinput>newfs -U md<replaceable>1</replaceable></userinput>
/dev/md1: 5.0MB (10240 sectors) block size 16384, fragment size 2048
        using 4 cylinder groups of 1.27MB, 81 blks, 192 inodes.
        with soft updates
super-block backups (for fsck -b #) at:
 160, 2752, 5344, 7936
&prompt.root; <userinput>mount /dev/md<replaceable>1</replaceable> <replaceable>/mnt</replaceable></userinput>
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
Filesystem 1K-blocks Used Avail Capacity  Mounted on
/dev/md1        4718    4  4338     0%    /mnt</screen>

      <para>To create a new file-backed memory disk, first allocate an
        area of disk to use.  This example creates an empty 5MB file
        named <filename>newimage</filename>:</para>

      <screen>&prompt.root; <userinput>dd if=/dev/zero of=<replaceable>newimage</replaceable> bs=1k count=<replaceable>5</replaceable>k</userinput>
5120+0 records in
5120+0 records out</screen>

      <para>Next, attach that file to a memory disk, label the memory
        disk and format it with the <acronym>UFS</acronym> file
        system, mount the memory disk, and verify the size of the
        file-backed disk:</para>

      <screen>&prompt.root; <userinput>mdconfig -f <replaceable>newimage</replaceable> -u <replaceable>0</replaceable></userinput>
&prompt.root; <userinput>bsdlabel -w md<replaceable>0</replaceable> auto</userinput>
&prompt.root; <userinput>newfs -U md<replaceable>0</replaceable>a</userinput>
/dev/md0a: 5.0MB (10224 sectors) block size 16384, fragment size 2048
        using 4 cylinder groups of 1.25MB, 80 blks, 192 inodes.
super-block backups (for fsck -b #) at:
 160, 2720, 5280, 7840
&prompt.root; <userinput>mount /dev/md<replaceable>0</replaceable>a <replaceable>/mnt</replaceable></userinput>
&prompt.root; <userinput>df <replaceable>/mnt</replaceable></userinput>
Filesystem 1K-blocks Used Avail Capacity  Mounted on
/dev/md0a       4710    4  4330     0%    /mnt</screen>

      <para>It takes several commands to create a file- or
        memory-backed file system using <command>mdconfig</command>.
        &os; also comes with <command>mdmfs</command> which
        automatically configures a memory disk, formats it with the
        <acronym>UFS</acronym> file system, and mounts it.  For
        example, after creating <replaceable>newimage</replaceable>
        with <command>dd</command>, this one command is equivalent to
        running the <command>bsdlabel</command>,
        <command>newfs</command>, and <command>mount</command>
        commands shown above:</para>

      <screen>&prompt.root; <userinput>mdmfs -F <replaceable>newimage</replaceable> -s <replaceable>5</replaceable>m md<replaceable>0</replaceable> <replaceable>/mnt</replaceable></userinput></screen>

      <para>To instead create a new memory-based memory disk with
        <command>mdmfs</command>, use this one command:</para>

      <screen>&prompt.root; <userinput>mdmfs -s <replaceable>5</replaceable>m md<replaceable>1</replaceable> <replaceable>/mnt</replaceable></userinput></screen>

      <para>If the unit number is not specified,
        <command>mdmfs</command> will automatically select an unused
        memory device.  For more details about
        <command>mdmfs</command>, refer to &man.mdmfs.8;.</para>
    </sect2>
  </sect1>

  <sect1 xml:id="snapshots">
    <info>
      <title>File System Snapshots</title>

      <authorgroup>
        <author>
          <personname>
            <firstname>Tom</firstname>
            <surname>Rhodes</surname>
          </personname>
          <contrib>Contributed by </contrib>
        </author>
      </authorgroup>
    </info>

    <indexterm>
      <primary>file systems</primary>
      <secondary>snapshots</secondary>
    </indexterm>

    <para>&os; offers a feature in conjunction with
      <link linkend="soft-updates">Soft Updates</link>: file system
      snapshots.</para>

    <para>UFS snapshots allow a user to create images of specified
      file systems, and treat them as a file.  Snapshot files must be
      created in the file system that the action is performed on, and
      a user may create no more than 20 snapshots per file system.
      Active snapshots are recorded in the superblock so they are
      persistent across unmount and remount operations along with
      system reboots.  When a snapshot is no longer required, it can
      be removed using &man.rm.1;.  While snapshots may be removed in
      any order, all the used space may not be acquired because
      another snapshot will possibly claim some of the released
      blocks.</para>

    <para>The un-alterable <option>snapshot</option> file flag is set
      by &man.mksnap.ffs.8; after initial creation of a snapshot file.
      &man.unlink.1; makes an exception for snapshot files since it
      allows them to be removed.</para>

    <para>Snapshots are created using &man.mount.8;.  To place a
      snapshot of <filename>/var</filename> in the
      file <filename>/var/snapshot/snap</filename>, use the following
      command:</para>

    <screen>&prompt.root; <userinput>mount -u -o snapshot /var/snapshot/snap /var</userinput></screen>

    <para>Alternatively, use &man.mksnap.ffs.8; to create the
      snapshot:</para>

    <screen>&prompt.root; <userinput>mksnap_ffs /var /var/snapshot/snap</userinput></screen>

    <para>One can find snapshot files on a file system, such as
      <filename>/var</filename>, using
      &man.find.1;:</para>

    <screen>&prompt.root; <userinput>find /var -flags snapshot</userinput></screen>

    <para>Once a snapshot has been created, it has several
      uses:</para>

    <itemizedlist>
      <listitem>
        <para>Some administrators will use a snapshot file for backup
          purposes, because the snapshot can be transferred to
          <acronym>CD</acronym>s or tape.</para>
      </listitem>

      <listitem>
        <para>The file system integrity checker, &man.fsck.8;, may be
          run on the snapshot.  Assuming that the file system was
          clean when it was mounted, this should always provide a
          clean and unchanging result.</para>
      </listitem>

      <listitem>
        <para>Running &man.dump.8; on the snapshot will produce a dump
          file that is consistent with the file system and the
          timestamp of the snapshot.  &man.dump.8; can also take a
          snapshot, create a dump image, and then remove the snapshot
          in one command by using <option>-L</option>.</para>
      </listitem>

      <listitem>
        <para>The snapshot can be mounted as a frozen image of the
          file system.  To &man.mount.8; the snapshot
          <filename>/var/snapshot/snap</filename> run:</para>

        <screen>&prompt.root; <userinput>mdconfig -a -t vnode -o readonly -f /var/snapshot/snap -u 4</userinput>
&prompt.root; <userinput>mount -r /dev/md4 /mnt</userinput></screen>
      </listitem>
    </itemizedlist>

    <para>The frozen <filename>/var</filename> is now available
      through <filename>/mnt</filename>.  Everything will initially be
      in the same state it was during the snapshot creation time.  The
      only exception is that any earlier snapshots will appear as zero
      length files.  To unmount the snapshot, use:</para>

    <screen>&prompt.root; <userinput>umount /mnt</userinput>
&prompt.root; <userinput>mdconfig -d -u 4</userinput></screen>

    <para>For more information about <option>softupdates</option> and
      file system snapshots, including technical papers, visit
      Marshall Kirk McKusick's website at <uri
        xlink:href="http://www.mckusick.com/">http://www.mckusick.com/</uri>.</para>
  </sect1>

  <sect1 xml:id="quotas">
    <title>Disk Quotas</title>

    <indexterm>
      <primary>accounting</primary>
      <secondary>disk space</secondary>
    </indexterm>
    <indexterm><primary>disk quotas</primary></indexterm>

    <para>Disk quotas can be used to limit the amount of disk space or
      the number of files a user or members of a group may allocate on
      a per-file system basis.  This prevents one user or group of
      users from consuming all of the available disk space.</para>

    <para>This section describes how to configure disk quotas for the
      <acronym>UFS</acronym> file system.  To configure quotas on the
      <acronym>ZFS</acronym> file system, refer to <xref
        linkend="zfs-zfs-quota"/></para>

    <sect2>
      <title>Enabling Disk Quotas</title>

      <para>To determine if the &os; kernel provides support for disk
        quotas:</para>

      <screen>&prompt.user; <userinput>sysctl kern.features.ufs_quota</userinput>
kern.features.ufs_quota: 1</screen>

      <para>In this example, the <literal>1</literal> indicates quota
        support.  If the value is instead <literal>0</literal>, add
        the following line to a custom kernel configuration file and
        rebuild the kernel using the instructions in <xref
          linkend="kernelconfig"/>:</para>

      <programlisting>options QUOTA</programlisting>

      <para>Next, enable disk quotas in
        <filename>/etc/rc.conf</filename>:</para>

      <programlisting>quota_enable="YES"</programlisting>

      <indexterm>
        <primary>disk quotas</primary>
        <secondary>checking</secondary>
      </indexterm>
      <para>Normally on bootup, the quota integrity of each file
        system is checked by &man.quotacheck.8;.  This program insures
        that the data in the quota database properly reflects the data
        on the file system.  This is a time consuming process that
        will significantly affect the time the system takes to boot.
        To skip this step, add this variable to
        <filename>/etc/rc.conf</filename>:</para>

      <programlisting>check_quotas="NO"</programlisting>

      <para>Finally, edit <filename>/etc/fstab</filename> to enable
        disk quotas on a per-file system basis.  To enable per-user
        quotas on a file system, add <option>userquota</option> to the
        options field in the <filename>/etc/fstab</filename> entry for
        the file system to enable quotas on.  For example:</para>

      <programlisting>/dev/da1s2g   /home    ufs rw,userquota 1 2</programlisting>

      <para>To enable group quotas, use <option>groupquota</option>
        instead.  To enable both user and group quotas, separate the
        options with a comma:</para>

      <programlisting>/dev/da1s2g    /home    ufs rw,userquota,groupquota 1 2</programlisting>

      <para>By default, quota files are stored in the root directory
        of the file system as <filename>quota.user</filename> and
        <filename>quota.group</filename>.  Refer to &man.fstab.5; for
        more information.  Specifying an alternate location for the
        quota files is not recommended.</para>

      <para>Once the configuration is complete, reboot the system and
        <filename>/etc/rc</filename> will automatically run the
        appropriate commands to create the initial quota files for all
        of the quotas enabled in
        <filename>/etc/fstab</filename>.</para>

      <para>In the normal course of operations, there should be no
        need to manually run &man.quotacheck.8;, &man.quotaon.8;, or
        &man.quotaoff.8;.  However, one should read these manual pages
        to be familiar with their operation.</para>
    </sect2>

    <sect2>
      <title>Setting Quota Limits</title>

      <indexterm>
        <primary>disk quotas</primary>
        <secondary>limits</secondary>
      </indexterm>

      <para>To
        verify that quotas are enabled, run:</para>

      <screen>&prompt.root; <userinput>quota -v</userinput></screen>

      <para>There should be a one line summary of disk usage and
        current quota limits for each file system that quotas are
        enabled on.</para>

      <para>The system is now ready to be assigned quota limits with
        <command>edquota</command>.</para>

      <para>Several options are available to enforce limits on the
        amount of disk space a user or group may allocate, and how
        many files they may create.  Allocations can be limited based
        on disk space (block quotas), number of files (inode quotas),
        or a combination of both.  Each limit is further broken down
        into two categories: hard and soft limits.</para>

      <indexterm><primary>hard limit</primary></indexterm>
      <para>A hard limit may not be exceeded.  Once a user reaches a
        hard limit, no further allocations can be made on that file
        system by that user.  For example, if the user has a hard
        limit of 500 kbytes on a file system and is currently using
        490 kbytes, the user can only allocate an additional 10
        kbytes.  Attempting to allocate an additional 11 kbytes will
        fail.</para>

      <indexterm><primary>soft limit</primary></indexterm>
      <para>Soft limits can be exceeded for a limited amount of time,
        known as the grace period, which is one week by default.  If a
        user stays over their limit longer than the grace period, the
        soft limit turns into a hard limit and no further allocations
        are allowed.  When the user drops back below the soft limit,
        the grace period is reset.</para>

      <para>In the following example, the quota for the <systemitem
          class="username">test</systemitem> account is being edited.
        When <command>edquota</command> is invoked, the editor
        specified by <envar>EDITOR</envar> is opened in order to edit
        the quota limits.  The default editor is set to
        <application>vi</application>.</para>

      <screen>&prompt.root; <userinput>edquota -u test</userinput>
Quotas for user test:
/usr: kbytes in use: 65, limits (soft = 50, hard = 75)
        inodes in use: 7, limits (soft = 50, hard = 60)
/usr/var: kbytes in use: 0, limits (soft = 50, hard = 75)
        inodes in use: 0, limits (soft = 50, hard = 60)</screen>

      <para>There are normally two lines for each file system that has
        quotas enabled.  One line represents the block limits and the
        other represents the inode limits.  Change the value to modify
        the quota limit.  For example, to raise the block limit on
        <filename>/usr</filename> to a soft limit of
        <literal>500</literal> and a hard limit of
        <literal>600</literal>, change the values in that line as
        follows:</para>

      <programlisting>/usr: kbytes in use: 65, limits (soft = 500, hard = 600)</programlisting>

      <para>The new quota limits take effect upon exiting the
        editor.</para>

      <para>Sometimes it is desirable to set quota limits on a range
        of users.  This can be done by first assigning the desired
        quota limit to a user.  Then, use <option>-p</option> to
        duplicate that quota to a specified range of user IDs
        (<acronym>UID</acronym>s).  The following command will
        duplicate those quota limits for <acronym>UID</acronym>s
        <literal>10,000</literal> through
        <literal>19,999</literal>:</para>

      <screen>&prompt.root; <userinput>edquota -p test 10000-19999</userinput></screen>

      <para>For more information, refer to &man.edquota.8;.</para>
    </sect2>

    <sect2>
      <title>Checking Quota Limits and Disk Usage</title>

      <indexterm>
        <primary>disk quotas</primary>
        <secondary>checking</secondary>
      </indexterm>

      <para>To check individual user or group quotas and disk usage,
        use &man.quota.1;.  A user may only examine their own quota
        and the quota of a group they are a member of.  Only the
        superuser may view all user and group quotas.  To get a
        summary of all quotas and disk usage for file systems with
        quotas enabled, use &man.repquota.8;.</para>

      <para>Normally, file systems that the user is not using any disk
        space on will not show in the output of
        <command>quota</command>, even if the user has a quota limit
        assigned for that file system.  Use <option>-v</option> to
        display those file systems.  The following is sample output
        from <command>quota -v</command> for a user that has quota
        limits on two file systems.</para>

      <programlisting>Disk quotas for user test (uid 1002):
     Filesystem  usage    quota   limit   grace   files   quota   limit   grace
           /usr      65*     50      75   5days       7      50      60
       /usr/var       0      50      75               0      50      60</programlisting>

      <indexterm><primary>grace period</primary></indexterm>

      <para>In this example, the user is currently 15 kbytes over the
        soft limit of 50 kbytes on <filename>/usr</filename> and has 5
        days of grace period left.  The asterisk <literal>*</literal>
        indicates that the user is currently over the quota
        limit.</para>
    </sect2>

    <sect2>
      <title>Quotas over NFS</title>

      <indexterm><primary>NFS</primary></indexterm>

      <para>Quotas are enforced by the quota subsystem on the
        <acronym>NFS</acronym> server.  The &man.rpc.rquotad.8; daemon
        makes quota information available to <command>quota</command>
        on <acronym>NFS</acronym> clients, allowing users on those
        machines to see their quota statistics.</para>

      <para>On the <acronym>NFS</acronym> server, enable
        <command>rpc.rquotad</command> by removing the
        <literal>#</literal> from this line in
        <filename>/etc/inetd.conf</filename>:</para>

      <programlisting>rquotad/1      dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad</programlisting>

      <para>Then, restart <command>inetd</command>:</para>

      <screen>&prompt.root; <userinput>service inetd restart</userinput></screen>
    </sect2>
  </sect1>

  <sect1 xml:id="disks-encrypting">
    <info>
      <title>Encrypting Disk Partitions</title>

      <authorgroup>
        <author>
          <personname>
            <firstname>Lucky</firstname>
            <surname>Green</surname>
          </personname>
          <contrib>Contributed by </contrib>
          <affiliation>
            <address>
              <email>shamrock@cypherpunks.to</email>
            </address>
          </affiliation>
        </author>
      </authorgroup>
    </info>

    <indexterm>
      <primary>disks</primary>
      <secondary>encrypting</secondary>
    </indexterm>

    <para>&os; offers excellent online protections against
      unauthorized data access.  File permissions and <link
        linkend="mac">Mandatory Access Control</link> (MAC) help
      prevent unauthorized users from accessing data while the
      operating system is active and the computer is powered up.
      However, the permissions enforced by the operating system are
      irrelevant if an attacker has physical access to a computer and
      can move the computer's hard drive to another system to copy and
      analyze the data.</para>

    <para>Regardless of how an attacker may have come into possession
      of a hard drive or powered-down computer, the
      <acronym>GEOM</acronym>-based cryptographic subsystems built
      into &os; are able to protect the data on the computer's file
      systems against even highly-motivated attackers with significant
      resources.  Unlike encryption methods that encrypt individual
      files, the built-in <command>gbde</command> and
      <command>geli</command> utilities can be used to transparently
      encrypt entire file systems.  No cleartext ever touches the hard
      drive's platter.</para>

    <para>This chapter demonstrates how to create an encrypted file
      system on &os;.  It first demonstrates the process using
      <command>gbde</command> and then demonstrates the same example
      using <command>geli</command>.</para>

    <sect2>
      <title>Disk Encryption with
        <application>gbde</application></title>

      <para>The objective of the &man.gbde.4; facility is to provide a
        formidable challenge for an attacker to gain access to the
        contents of a <emphasis>cold</emphasis> storage device.
        However, if the computer is compromised while up and running
        and the storage device is actively attached, or the attacker
        has access to a valid passphrase, it offers no protection to
        the contents of the storage device.  Thus, it is important to
        provide physical security while the system is running and to
        protect the passphrase used by the encryption
        mechanism.</para>

      <para>This facility provides several barriers to protect the
        data stored in each disk sector.  It encrypts the contents of
        a disk sector using 128-bit <acronym>AES</acronym> in
        <acronym>CBC</acronym> mode.  Each sector on the disk is
        encrypted with a different <acronym>AES</acronym> key.  For
        more information on the cryptographic design, including how
        the sector keys are derived from the user-supplied passphrase,
        refer to &man.gbde.4;.</para>

      <para>&os; provides a kernel module for
        <application>gbde</application> which can be loaded with this
        command:</para>

      <screen>&prompt.root; <userinput>kldload geom_bde</userinput></screen>

      <para>If using a custom kernel configuration file, ensure it
        contains this line:</para>

      <para><literal>options GEOM_BDE</literal></para>

      <para>The following example demonstrates adding a new hard drive
        to a system that will hold a single encrypted partition that
        will be mounted as <filename>/private</filename>.</para>

      <procedure>
        <title>Encrypting a Partition with
          <application>gbde</application></title>

        <step>
          <title>Add the New Hard Drive</title>

          <para>Install the new drive to the system as explained in
            <xref linkend="disks-adding"/>.  For the purposes of this
            example, a new hard drive partition has been added as
            <filename>/dev/ad4s1c</filename> and
            <filename>/dev/ad0s1<replaceable>*</replaceable></filename>
            represents the existing standard &os; partitions.</para>

          <screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
/dev/ad0        /dev/ad0s1b     /dev/ad0s1e     /dev/ad4s1
/dev/ad0s1      /dev/ad0s1c     /dev/ad0s1f     /dev/ad4s1c
/dev/ad0s1a     /dev/ad0s1d     /dev/ad4</screen>
        </step>

        <step>
          <title>Create a Directory to Hold <command>gbde</command>
            Lock Files</title>

          <screen>&prompt.root; <userinput>mkdir /etc/gbde</userinput></screen>

          <para>The <application>gbde</application> lock file
            contains information that <application>gbde</application>
            requires to access encrypted partitions.  Without access
            to the lock file, <application>gbde</application> will not
            be able to decrypt the data contained in the encrypted
            partition without significant manual intervention which is
            not supported by the software.  Each encrypted partition
            uses a separate lock file.</para>
        </step>

        <step>
          <title>Initialize the <command>gbde</command>
            Partition</title>

          <para>A <application>gbde</application> partition must be
            initialized before it can be used.  This initialization
            needs to be performed only once.  This command will open
            the default editor, in order to set various configuration
            options in a template.  For use with the
            <acronym>UFS</acronym> file system, set the sector_size to
            2048:</para>

          <screen>&prompt.root; <userinput>gbde init /dev/ad4s1c -i -L /etc/gbde/ad4s1c.lock</userinput>
# <phrase its:translate="no">&dollar;FreeBSD: src/sbin/gbde/template.txt,v 1.1.36.1 2009/08/03 08:13:06 kensmith Exp $</phrase>
#
# Sector size is the smallest unit of data which can be read or written.
# Making it too small decreases performance and decreases available space.
# Making it too large may prevent filesystems from working.  512 is the
# minimum and always safe.  For UFS, use the fragment size
#
sector_size     =       2048
[...]</screen>

          <para>Once the edit is saved, the user will be asked twice
            to type the passphrase used to secure the data.  The
            passphrase must be the same both times.  The ability of
            <application>gbde</application> to protect data depends
            entirely on the quality of the passphrase.  For tips on
            how to select a secure passphrase that is easy to
            remember, see <link
              xlink:href="http://world.std.com/~reinhold/diceware.html">http://world.std.com/~reinhold/diceware.htm</link>.</para>

          <para>This initialization creates a lock file for the
            <application>gbde</application> partition.  In this
            example, it is stored as
            <filename>/etc/gbde/ad4s1c.lock</filename>.  Lock files
            must end in <quote>.lock</quote> in order to be correctly
            detected by the <filename>/etc/rc.d/gbde</filename> start
            up script.</para>

          <caution>
            <para>Lock files <emphasis>must</emphasis> be backed up
              together with the contents of any encrypted partitions.
              Without the lock file, the legitimate owner will be
              unable to access the data on the encrypted
              partition.</para>
          </caution>
        </step>

        <step>
          <title>Attach the Encrypted Partition to the
            Kernel</title>

          <screen>&prompt.root; <userinput>gbde attach /dev/ad4s1c -l /etc/gbde/ad4s1c.lock</userinput></screen>

          <para>This command will prompt to input the passphrase that
            was selected during the initialization of the encrypted
            partition.  The new encrypted device will appear in
            <filename>/dev</filename> as
            <filename>/dev/device_name.bde</filename>:</para>

          <screen>&prompt.root; <userinput>ls /dev/ad*</userinput>
/dev/ad0        /dev/ad0s1b     /dev/ad0s1e     /dev/ad4s1
/dev/ad0s1      /dev/ad0s1c     /dev/ad0s1f     /dev/ad4s1c
/dev/ad0s1a     /dev/ad0s1d     /dev/ad4        /dev/ad4s1c.bde</screen>
        </step>

        <step>
          <title>Create a File System on the Encrypted
            Device</title>

          <para>Once the encrypted device has been attached to the
            kernel, a file system can be created on the device.  This
            example creates a <acronym>UFS</acronym> file system with
            soft updates enabled.  Be sure to specify the partition
            which has a
            <filename><replaceable>*</replaceable>.bde</filename>
            extension:</para>

          <screen>&prompt.root; <userinput>newfs -U /dev/ad4s1c.bde</userinput></screen>
        </step>

        <step>
          <title>Mount the Encrypted Partition</title>

          <para>Create a mount point and mount the encrypted file
            system:</para>

          <screen>&prompt.root; <userinput>mkdir /private</userinput>
&prompt.root; <userinput>mount /dev/ad4s1c.bde /private</userinput></screen>
        </step>

        <step>
          <title>Verify That the Encrypted File System is
            Available</title>

          <para>The encrypted file system should now be visible and
            available for use:</para>

          <screen>&prompt.user; <userinput>df -H</userinput>
Filesystem        Size   Used  Avail Capacity  Mounted on
/dev/ad0s1a      1037M    72M   883M     8%    /
/devfs            1.0K   1.0K     0B   100%    /dev
/dev/ad0s1f       8.1G    55K   7.5G     0%    /home
/dev/ad0s1e      1037M   1.1M   953M     0%    /tmp
/dev/ad0s1d       6.1G   1.9G   3.7G    35%    /usr
/dev/ad4s1c.bde   150G   4.1K   138G     0%    /private</screen>
        </step>
      </procedure>

      <para>After each boot, any encrypted file systems must be
        manually re-attached to the kernel, checked for errors, and
        mounted, before the file systems can be used.  To configure
        these steps, add the following lines to
        <filename>/etc/rc.conf</filename>:</para>

      <programlisting>gbde_autoattach_all="YES"
gbde_devices="<replaceable>ad4s1c</replaceable>"
gbde_lockdir="/etc/gbde"</programlisting>

      <para>This requires that the passphrase be entered at the
        console at boot time.  After typing the correct passphrase,
        the encrypted partition will be mounted automatically.
        Additional <application>gbde</application> boot options are
        available and listed in &man.rc.conf.5;.</para>

<!--
What about bsdinstall?
-->
      <note>
        <para><application>sysinstall</application> is incompatible
          with <application>gbde</application>-encrypted devices.  All
          <filename>*.bde</filename> devices must be detached from the
          kernel before starting <application>sysinstall</application>
          or it will crash during its initial probing for devices.  To
          detach the encrypted device used in the example, use the
          following command:</para>

        <screen>&prompt.root; <userinput>gbde detach /dev/<replaceable>ad4s1c</replaceable></userinput></screen>
      </note>
    </sect2>

    <sect2 xml:id="disks-encrypting-geli">
      <info>
        <title>Disk Encryption with <command>geli</command></title>

        <authorgroup>
          <author>
            <personname>
              <firstname>Daniel</firstname>
              <surname>Gerzo</surname>
            </personname>
            <contrib>Contributed by </contrib>
          </author>
        </authorgroup>
      </info>

      <para>An alternative cryptographic <acronym>GEOM</acronym> class
        is available using <command>geli</command>.  This control
        utility adds some features and uses a different scheme for
        doing cryptographic work.  It provides the following
        features:</para>

      <itemizedlist>
        <listitem>
          <para>Utilizes the &man.crypto.9; framework and
            automatically uses cryptographic hardware when it is
            available.</para>
        </listitem>

        <listitem>
          <para>Supports multiple cryptographic algorithms such as
            <acronym>AES</acronym>, Blowfish, and
            <acronym>3DES</acronym>.</para>
        </listitem>

        <listitem>
          <para>Allows the root partition to be encrypted.  The
            passphrase used to access the encrypted root partition
            will be requested during system boot.</para>
        </listitem>

        <listitem>
          <para>Allows the use of two independent keys.</para>
        </listitem>

        <listitem>
          <para>It is fast as it performs simple sector-to-sector
            encryption.</para>
        </listitem>

        <listitem>
          <para>Allows backup and restore of master keys.  If a user
            destroys their keys, it is still possible to get access to
            the data by restoring keys from the backup.</para>
        </listitem>

        <listitem>
          <para>Allows a disk to attach with a random, one-time key
            which is useful for swap partitions and temporary file
            systems.</para>
        </listitem>
      </itemizedlist>

      <para>More features and usage examples can be found in
        &man.geli.8;.</para>

      <para>The following example describes how to generate a key file
        which will be used as part of the master key for the encrypted
        provider mounted under <filename>/private</filename>.  The key
        file will provide some random data used to encrypt the master
        key.  The master key will also be protected by a passphrase.
        The provider's sector size will be 4kB.  The example describes
        how to attach to the <command>geli</command> provider, create
        a file system on it, mount it, work with it, and finally, how
        to detach it.</para>

      <procedure>
        <title>Encrypting a Partition with
          <command>geli</command></title>

        <step>
          <title>Load <command>geli</command> Support</title>

          <para>Support for <command>geli</command> is available as a
            loadable kernel module.  To configure the system to
            automatically load the module at boot time, add the
            following line to
            <filename>/boot/loader.conf</filename>:</para>

          <programlisting>geom_eli_load="YES"</programlisting>

          <para>To load the kernel module now:</para>

          <screen>&prompt.root; <userinput>kldload geom_eli</userinput></screen>

          <para>For a custom kernel, ensure the kernel configuration
            file contains these lines:</para>

          <programlisting>options GEOM_ELI
device crypto</programlisting>
        </step>

        <step>
          <title>Generate the Master Key</title>

          <para>The following commands generate a master key that all
            data will be encrypted with.  This key can never be changed.
            Rather than using it directly, it is encrypted with one
            or more user keys.  The user keys are made up of an
            optional combination of random bytes from a file,
            <filename>/root/da2.key</filename>, and/or a passphrase.
            In this case, the data source for the key file is
            <filename>/dev/random</filename>. This command also
            configures the sector size of the provider
            (<filename>/dev/da2.eli</filename>) as 4kB, for better
            performance:</para>

          <screen>&prompt.root; <userinput>dd if=/dev/random of=/root/da2.key bs=64 count=1</userinput>
&prompt.root; <userinput>geli init -K /root/da2.key -s 4096 /dev/da2</userinput>
Enter new passphrase:
Reenter new passphrase:</screen>

          <para>It is not mandatory to use both a passphrase and a key
            file as either method of securing the master key can be
            used in isolation.</para>

          <para>If the key file is given as <quote>-</quote>, standard
            input will be used.  For example, this command generates
            three key files:</para>

          <screen>&prompt.root; <userinput>cat keyfile1 keyfile2 keyfile3 | geli init -K - /dev/da2</userinput></screen>
        </step>

        <step>
          <title>Attach the Provider with the Generated Key</title>

          <para>To attach the provider, specify the key file, the name
            of the disk, and the passphrase:</para>

          <screen>&prompt.root; <userinput>geli attach -k /root/da2.key /dev/da2</userinput>
Enter passphrase:</screen>

          <para>This creates a new device with an
            <filename>.eli</filename> extension:</para>

          <screen>&prompt.root; <userinput>ls /dev/da2*</userinput>
/dev/da2  /dev/da2.eli</screen>
        </step>

        <step>
          <title>Create the New File System</title>

          <para>Next, format the device with the
            <acronym>UFS</acronym> file system and mount it on an
            existing mount point:</para>

          <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/da2.eli bs=1m</userinput>
&prompt.root; <userinput>newfs /dev/da2.eli</userinput>
&prompt.root; <userinput>mount /dev/da2.eli <replaceable>/private</replaceable></userinput></screen>

          <para>The encrypted file system should now be available for
            use:</para>

          <screen>&prompt.root; <userinput>df -H</userinput>
Filesystem     Size   Used  Avail Capacity  Mounted on
/dev/ad0s1a    248M    89M   139M    38%    /
/devfs         1.0K   1.0K     0B   100%    /dev
/dev/ad0s1f    7.7G   2.3G   4.9G    32%    /usr
/dev/ad0s1d    989M   1.5M   909M     0%    /tmp
/dev/ad0s1e    3.9G   1.3G   2.3G    35%    /var
/dev/da2.eli   150G   4.1K   138G     0%    /private</screen>
        </step>
      </procedure>

      <para>Once the work on the encrypted partition is done, and the
        <filename>/private</filename> partition is no longer needed,
        it is prudent to put the device into cold storage by
        unmounting and detaching the <command>geli</command> encrypted
        partition from the kernel:</para>

      <screen>&prompt.root; <userinput>umount /private</userinput>
&prompt.root; <userinput>geli detach da2.eli</userinput></screen>

      <para>A <filename>rc.d</filename> script is provided to
        simplify the mounting of <command>geli</command>-encrypted
        devices at boot time.  For this example, add these lines to
        <filename>/etc/rc.conf</filename>:</para>

      <programlisting>geli_devices="<replaceable>da2</replaceable>"
geli_da2_flags="-k /root/<replaceable>da2.key</replaceable>"</programlisting>

      <para>This configures <filename>/dev/da2</filename> as a
        <command>geli</command> provider with a master key of
        <filename>/root/da2.key</filename>.  The system will
        automatically detach the provider from the kernel before the
        system shuts down.  During the startup process, the script
        will prompt for the passphrase before attaching the provider.
        Other kernel messages might be shown before and after the
        password prompt.  If the boot process seems to stall, look
        carefully for the password prompt among the other messages.
        Once the correct passphrase is entered, the provider is
        attached.  The file system is then mounted, typically by an
        entry in <filename>/etc/fstab</filename>.  Refer to <xref
          linkend="mount-unmount"/> for instructions on how to
        configure a file system to mount at boot time.</para>
    </sect2>
  </sect1>

  <sect1 xml:id="swap-encrypting">
    <info>
      <title>Encrypting Swap</title>

      <authorgroup>
        <author>
          <personname>
            <firstname>Christian</firstname>
            <surname>Brueffer</surname>
          </personname>
          <contrib>Written by </contrib>
        </author>
      </authorgroup>
    </info>

    <indexterm>
      <primary>swap</primary>
      <secondary>encrypting</secondary>
    </indexterm>

    <para>Like the encryption of disk partitions, encryption of swap
      space is used to protect sensitive information.  Consider an
      application that deals with passwords.  As long as these
      passwords stay in physical memory, they are not written to disk
      and will be cleared after a reboot.  However, if &os; starts
      swapping out memory pages to free space, the passwords may be
      written to the disk unencrypted.  Encrypting swap space can be a
      solution for this scenario.</para>

    <para>This section demonstrates how to configure an encrypted
      swap partition using &man.gbde.8; or &man.geli.8; encryption.
      It assumes that
      <filename>/dev/ada0s1b</filename> is the swap partition.</para>

    <sect2>
      <title>Configuring Encrypted Swap</title>

      <para>Swap partitions are not encrypted by default and should be
        cleared of any sensitive data before continuing.  To overwrite
        the current swap partition with random garbage, execute the
        following command:</para>

      <screen>&prompt.root; <userinput>dd if=/dev/random of=/dev/<replaceable>ada0s1b</replaceable> bs=1m</userinput></screen>

      <para>To encrypt the swap partition using &man.gbde.8;, add the
        <literal>.bde</literal> suffix to the swap line in
        <filename>/etc/fstab</filename>:</para>

      <programlisting># Device          Mountpoint      FStype  Options         Dump    Pass#
/dev/ada0s1b.bde        none            swap    sw              0       0</programlisting>

      <para>To instead encrypt the swap partition using &man.geli.8;,
        use the
        <literal>.eli</literal> suffix:</para>

      <programlisting># Device          Mountpoint      FStype  Options         Dump    Pass#
/dev/ada0s1b.eli        none            swap    sw              0       0</programlisting>

      <para>By default, &man.geli.8; uses the <acronym>AES</acronym>
        algorithm with a key length of 128 bits.  Normally the default
        settings will suffice.  If desired, these defaults can be
        altered in the options field in
        <filename>/etc/fstab</filename>.  The possible flags
        are:</para>

      <variablelist>
        <varlistentry>
          <term>aalgo</term>
          <listitem>
            <para>Data integrity verification algorithm used to ensure
              that the encrypted data has not been tampered with.  See
              &man.geli.8; for a list of supported algorithms.</para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>ealgo</term>
          <listitem>
            <para>Encryption algorithm used to protect the data.  See
              &man.geli.8; for a list of supported algorithms.</para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>keylen</term>
          <listitem>
            <para>The length of the key used for the encryption
              algorithm.  See &man.geli.8; for the key lengths that
              are supported by each encryption algorithm.</para>
          </listitem>
        </varlistentry>

        <varlistentry>
          <term>sectorsize</term>
          <listitem>
            <para>The size of the blocks data is broken into before
              it is encrypted.  Larger sector sizes increase
              performance at the cost of higher storage
              overhead.  The recommended size is 4096 bytes.</para>
          </listitem>
        </varlistentry>
      </variablelist>

      <para>This example configures an encrypted swap partition using
        the Blowfish algorithm with a key length of 128 bits and a
        sectorsize of 4 kilobytes:</para>

      <programlisting># Device          Mountpoint      FStype  Options                         Dump    Pass#
/dev/ada0s1b.eli        none            swap    sw,ealgo=blowfish,keylen=128,sectorsize=4096    0       0</programlisting>

    </sect2>

    <sect2>
      <title>Encrypted Swap Verification</title>

      <para>Once the system has rebooted, proper operation of the
        encrypted swap can be verified using
        <command>swapinfo</command>.</para>

      <para>If &man.gbde.8; is being used:</para>

      <screen>&prompt.user; <userinput>swapinfo</userinput>
Device          1K-blocks     Used    Avail Capacity
/dev/ada0s1b.bde   542720        0   542720     0%</screen>

      <para>If &man.geli.8; is being used:</para>

      <screen>&prompt.user; <userinput>swapinfo</userinput>
Device          1K-blocks     Used    Avail Capacity
/dev/ada0s1b.eli   542720        0   542720     0%</screen>
    </sect2>
  </sect1>

  <sect1 xml:id="disks-hast">
    <info>
      <title>Highly Available Storage
        (<acronym>HAST</acronym>)</title>

      <authorgroup>
        <author>
          <personname>
            <firstname>Daniel</firstname>
            <surname>Gerzo</surname>
          </personname>
          <contrib>Contributed by </contrib>
        </author>
      </authorgroup>

      <authorgroup>
        <author>
          <personname>
            <firstname>Freddie</firstname>
            <surname>Cash</surname>
          </personname>
          <contrib>With inputs from </contrib>
        </author>

        <author>
          <personname>
            <firstname>Pawel Jakub</firstname>
            <surname>Dawidek</surname>
          </personname>
        </author>

        <author>
          <personname>
            <firstname>Michael W.</firstname>
            <surname>Lucas</surname>
          </personname>
        </author>

        <author>
          <personname>
            <firstname>Viktor</firstname>
            <surname>Petersson</surname>
          </personname>
        </author>
      </authorgroup>
    </info>

    <indexterm>
      <primary>HAST</primary>
      <secondary>high availability</secondary>
    </indexterm>

    <para>High availability is one of the main requirements in
      serious business applications and highly-available storage is a
      key component in such environments.  In &os;, the Highly
      Available STorage (<acronym>HAST</acronym>) framework allows
      transparent storage of the same data across several physically
      separated machines connected by a <acronym>TCP/IP</acronym>
      network.  <acronym>HAST</acronym> can be understood as a
      network-based RAID1 (mirror), and is similar to the DRBD&reg;
      storage system used in the GNU/&linux; platform.  In combination
      with other high-availability features of &os; like
      <acronym>CARP</acronym>, <acronym>HAST</acronym> makes it
      possible to build a highly-available storage cluster that is
      resistant to hardware failures.</para>

    <para>The following are the main features of
      <acronym>HAST</acronym>:</para>

    <itemizedlist>
      <listitem>
        <para>Can be used to mask <acronym>I/O</acronym> errors on
          local hard drives.</para>
      </listitem>

      <listitem>
        <para>File system agnostic as it works with any file system
          supported by &os;.</para>
      </listitem>

      <listitem>
        <para>Efficient and quick resynchronization as only the blocks
          that were modified during the downtime of a node are
          synchronized.</para>
      </listitem>

      <!--
      <listitem>
        <para>Has several synchronization modes to allow for fast
          failover.</para>
      </listitem>
      -->

      <listitem>
        <para>Can be used in an already deployed environment to add
          additional redundancy.</para>
      </listitem>

      <listitem>
        <para>Together with <acronym>CARP</acronym>,
          <application>Heartbeat</application>, or other tools, it can
          be used to build a robust and durable storage system.</para>
      </listitem>
    </itemizedlist>

    <para>After reading this section, you will know:</para>

    <itemizedlist>
      <listitem>
        <para>What <acronym>HAST</acronym> is, how it works, and
          which features it provides.</para>
      </listitem>

      <listitem>
        <para>How to set up and use <acronym>HAST</acronym> on
          &os;.</para>
      </listitem>

      <listitem>
        <para>How to integrate <acronym>CARP</acronym> and
          &man.devd.8; to build a robust storage system.</para>
      </listitem>
    </itemizedlist>

    <para>Before reading this section, you should:</para>

    <itemizedlist>
      <listitem>
        <para>Understand &unix; and &os; basics (<xref
            linkend="basics"/>).</para>
      </listitem>

      <listitem>
        <para>Know how to configure network
          interfaces and other core &os; subsystems (<xref
            linkend="config-tuning"/>).</para>
      </listitem>

      <listitem>
        <para>Have a good understanding of &os;
          networking (<xref
            linkend="network-communication"/>).</para>
      </listitem>
    </itemizedlist>

    <para>The <acronym>HAST</acronym> project was sponsored by The
      &os; Foundation with support from <link
        xlink:href="http://www.omc.net/">http://www.omc.net/</link>
      and <link
        xlink:href="http://www.transip.nl/">http://www.transip.nl/</link>.</para>

    <sect2>
      <title>HAST Operation</title>

      <para><acronym>HAST</acronym> provides synchronous block-level
        replication between two physical machines: the
        <emphasis>primary</emphasis>, also known as the
        <emphasis>master</emphasis> node, and the
        <emphasis>secondary</emphasis>, or <emphasis>slave</emphasis>
        node.  These two machines together are referred to as a
        cluster.</para>

      <para>Since <acronym>HAST</acronym> works in a primary-secondary
        configuration, it allows only one of the cluster nodes to be
        active at any given time.  The primary node, also called
        <emphasis>active</emphasis>, is the one which will handle all
        the <acronym>I/O</acronym> requests to
        <acronym>HAST</acronym>-managed devices.  The secondary node
        is automatically synchronized from the primary node.</para>

      <para>The physical components of the <acronym>HAST</acronym>
        system are the local disk on primary node, and the disk on the
        remote, secondary node.</para>

      <para><acronym>HAST</acronym> operates synchronously on a block
        level, making it transparent to file systems and applications.
        <acronym>HAST</acronym> provides regular GEOM providers in
        <filename>/dev/hast/</filename> for use by other tools or
        applications.  There is no difference between using
        <acronym>HAST</acronym>-provided devices and raw disks or
        partitions.</para>

      <para>Each write, delete, or flush operation is sent to both the
        local disk and to the remote disk over
        <acronym>TCP/IP</acronym>.  Each read operation is served from
        the local disk, unless the local disk is not up-to-date or an
        <acronym>I/O</acronym> error occurs.  In such cases, the read
        operation is sent to the secondary node.</para>

      <para><acronym>HAST</acronym> tries to provide fast failure
        recovery.  For this reason, it is important to reduce
        synchronization time after a node's outage.  To provide fast
        synchronization, <acronym>HAST</acronym> manages an on-disk
        bitmap of dirty extents and only synchronizes those during a
        regular synchronization, with an exception of the initial
        sync.</para>

      <para>There are many ways to handle synchronization.
        <acronym>HAST</acronym> implements several replication modes
        to handle different synchronization methods:</para>

      <itemizedlist>
        <listitem>
          <para><emphasis>memsync</emphasis>: This mode reports a
            write operation as completed when the local write
            operation is finished and when the remote node
            acknowledges data arrival, but before actually storing the
            data.  The data on the remote node will be stored directly
            after sending the acknowledgement.  This mode is intended
            to reduce latency, but still provides good reliability.
            This mode is the default.</para>
        </listitem>

        <listitem>
          <para><emphasis>fullsync</emphasis>: This mode reports a
            write operation as completed when both the local write and
            the remote write complete.  This is the safest and the
            slowest replication mode.</para>
        </listitem>

        <listitem>
          <para><emphasis>async</emphasis>: This mode reports a write
            operation as completed when the local write completes.
            This is the fastest and the most dangerous replication
            mode.  It should only be used when replicating to a
            distant node where latency is too high for other
            modes.</para>
        </listitem>
      </itemizedlist>
    </sect2>

    <sect2>
      <title>HAST Configuration</title>

      <para>The <acronym>HAST</acronym> framework consists of several
        components:</para>

      <itemizedlist>
        <listitem>
          <para>The &man.hastd.8; daemon which provides data
            synchronization.  When this daemon is started, it will
            automatically load <varname>geom_gate.ko</varname>.</para>
        </listitem>

        <listitem>
          <para>The userland management utility,
            &man.hastctl.8;.</para>
        </listitem>

        <listitem>
          <para>The &man.hast.conf.5; configuration file.  This file
            must exist before starting
            <application>hastd</application>.</para>
        </listitem>
      </itemizedlist>

      <para>Users who prefer to statically build
        <literal>GEOM_GATE</literal> support into the kernel should
        add this line to the custom kernel configuration file, then
        rebuild the kernel using the instructions in <xref
          linkend="kernelconfig"/>:</para>

      <programlisting>options   GEOM_GATE</programlisting>

      <para>The following example describes how to configure two nodes
        in master-slave/primary-secondary operation using
        <acronym>HAST</acronym> to replicate the data between the two.
        The nodes will be called <literal>hasta</literal>, with an
        <acronym>IP</acronym> address of
        <literal>172.16.0.1</literal>, and <literal>hastb</literal>,
        with an <acronym>IP</acronym> address of
        <literal>172.16.0.2</literal>.  Both nodes will have a
        dedicated hard drive <filename>/dev/ad6</filename> of the same
        size for <acronym>HAST</acronym> operation.  The
        <acronym>HAST</acronym> pool, sometimes referred to as a
        resource or the <acronym>GEOM</acronym> provider in <filename
          >/dev/hast/</filename>, will be called
        <literal>test</literal>.</para>

      <para>Configuration of <acronym>HAST</acronym> is done using
        <filename>/etc/hast.conf</filename>.  This file should be
        identical on both nodes.  The simplest configuration
        is:</para>

      <programlisting>resource <replaceable>test</replaceable> {
        on <replaceable>hasta</replaceable> {
                local <replaceable>/dev/ad6</replaceable>
                remote <replaceable>172.16.0.2</replaceable>
        }
        on <replaceable>hastb</replaceable> {
                local <replaceable>/dev/ad6</replaceable>
                remote <replaceable>172.16.0.1</replaceable>
        }
}</programlisting>

      <para>For more advanced configuration, refer to
        &man.hast.conf.5;.</para>

      <tip>
        <para>It is also possible to use host names in the
          <literal>remote</literal> statements if the hosts are
          resolvable and defined either in
          <filename>/etc/hosts</filename> or in the local
          <acronym>DNS</acronym>.</para>
      </tip>

      <para>Once the configuration exists on both nodes, the
        <acronym>HAST</acronym> pool can be created.  Run these
        commands on both nodes to place the initial metadata onto the
        local disk and to start &man.hastd.8;:</para>

      <screen>&prompt.root; <userinput>hastctl create <replaceable>test</replaceable></userinput>
&prompt.root; <userinput>service hastd onestart</userinput></screen>

      <note>
        <para>It is <emphasis>not</emphasis> possible to use
          <acronym>GEOM</acronym>
          providers with an existing file system or to convert an
          existing storage to a <acronym>HAST</acronym>-managed pool.
          This procedure needs to store some metadata on the provider
          and there will not be enough required space available on an
          existing provider.</para>
      </note>

      <para>A HAST node's <literal>primary</literal> or
        <literal>secondary</literal> role is selected by an
        administrator, or software like
        <application>Heartbeat</application>, using &man.hastctl.8;.
        On the primary node, <literal>hasta</literal>, issue this
        command:</para>

      <screen>&prompt.root; <userinput>hastctl role primary <replaceable>test</replaceable></userinput></screen>

      <para>Run this command on the secondary node,
        <literal>hastb</literal>:</para>

      <screen>&prompt.root; <userinput>hastctl role secondary <replaceable>test</replaceable></userinput></screen>

      <para>Verify the result by running <command>hastctl</command> on
        each node:</para>

      <screen>&prompt.root; <userinput>hastctl status <replaceable>test</replaceable></userinput></screen>

      <para>Check the <literal>status</literal> line in the output.
        If it says <literal>degraded</literal>, something is wrong
        with the configuration file.  It should say
        <literal>complete</literal> on each node, meaning that the
        synchronization between the nodes has started.  The
        synchronization completes when <command>hastctl
          status</command> reports 0 bytes of <literal>dirty</literal>
        extents.</para>

      <para>The next step is to create a file system on the
        <acronym>GEOM</acronym> provider and mount it.  This must be
        done on the <literal>primary</literal> node.  Creating the
        file system can take a few minutes, depending on the size of
        the hard drive.  This example creates a <acronym>UFS</acronym>
        file system on <filename>/dev/hast/test</filename>:</para>

      <screen>&prompt.root; <userinput>newfs -U /dev/hast/<replaceable>test</replaceable></userinput>
&prompt.root; <userinput>mkdir /hast/<replaceable>test</replaceable></userinput>
&prompt.root; <userinput>mount /dev/hast/<replaceable>test</replaceable> <replaceable>/hast/test</replaceable></userinput></screen>

      <para>Once the <acronym>HAST</acronym> framework is configured
        properly, the final step is to make sure that
        <acronym>HAST</acronym> is started automatically during
        system boot.  Add this line to
        <filename>/etc/rc.conf</filename>:</para>

      <programlisting>hastd_enable="YES"</programlisting>

      <sect3>
        <title>Failover Configuration</title>

        <para>The goal of this example is to build a robust storage
          system which is resistant to the failure of any given node.
          If the primary node fails, the secondary node is there to
          take over seamlessly, check and mount the file system, and
          continue to work without missing a single bit of
          data.</para>

        <para>To accomplish this task, the Common Address Redundancy
          Protocol (<acronym>CARP</acronym>) is used to provide for
          automatic failover at the <acronym>IP</acronym> layer.
          <acronym>CARP</acronym> allows multiple hosts on the same
          network segment to share an <acronym>IP</acronym> address.
          Set up <acronym>CARP</acronym> on both nodes of the cluster
          according to the documentation available in <xref
            linkend="carp"/>.  In this example, each node will have
          its own management <acronym>IP</acronym> address and a
          shared <acronym>IP</acronym> address of
          <replaceable>172.16.0.254</replaceable>.  The primary
          <acronym>HAST</acronym> node of the cluster must be the
          master <acronym>CARP</acronym> node.</para>

        <para>The <acronym>HAST</acronym> pool created in the previous
          section is now ready to be exported to the other hosts on
          the network.  This can be accomplished by exporting it
          through <acronym>NFS</acronym> or
          <application>Samba</application>, using the shared
          <acronym>IP</acronym> address
          <replaceable>172.16.0.254</replaceable>.  The only problem
          which remains unresolved is an automatic failover should the
          primary node fail.</para>

        <para>In the event of <acronym>CARP</acronym> interfaces going
          up or down, the &os; operating system generates a
          &man.devd.8; event, making it possible to watch for state
          changes on the <acronym>CARP</acronym> interfaces.  A state
          change on the <acronym>CARP</acronym> interface is an
          indication that one of the nodes failed or came back online.
          These state change events make it possible to run a script
          which will automatically handle the HAST failover.</para>

        <para>To catch state changes on the
          <acronym>CARP</acronym> interfaces, add this configuration
          to <filename>/etc/devd.conf</filename> on each node:</para>

        <programlisting>notify 30 {
        match "system" "IFNET";
        match "subsystem" "carp0";
        match "type" "LINK_UP";
        action "/usr/local/sbin/carp-hast-switch master";
};

notify 30 {
        match "system" "IFNET";
        match "subsystem" "carp0";
        match "type" "LINK_DOWN";
        action "/usr/local/sbin/carp-hast-switch slave";
};</programlisting>

        <note>
          <para>If the systems are running &os;&nbsp;10 or higher,
            replace <filename>carp0</filename> with the name of the
            <acronym>CARP</acronym>-configured interface.</para>
        </note>

        <para>Restart &man.devd.8; on both nodes to put the new
          configuration into effect:</para>

        <screen>&prompt.root; <userinput>service devd restart</userinput></screen>

        <para>When the specified interface state changes by going up
          or down , the system generates a notification, allowing the
          &man.devd.8; subsystem to run the specified automatic
          failover script,
          <filename>/usr/local/sbin/carp-hast-switch</filename>.
          For further clarification about this configuration, refer to
          &man.devd.conf.5;.</para>

        <para>Here is an example of an automated failover
          script:</para>

        <programlisting>#!/bin/sh

# Original script by Freddie Cash &lt;fjwcash@gmail.com&gt;
# Modified by Michael W. Lucas &lt;mwlucas@BlackHelicopters.org&gt;
# and Viktor Petersson &lt;vpetersson@wireload.net&gt;

# The names of the HAST resources, as listed in /etc/hast.conf
resources="<replaceable>test</replaceable>"

# delay in mounting HAST resource after becoming master
# make your best guess
delay=3

# logging
log="local0.debug"
name="carp-hast"

# end of user configurable stuff

case "$1" in
        master)
                logger -p $log -t $name "Switching to primary provider for ${resources}."
                sleep ${delay}

                # Wait for any "hastd secondary" processes to stop
                for disk in ${resources}; do
                        while $( pgrep -lf "hastd: ${disk} \(secondary\)" &gt; /dev/null 2&gt;&amp;1 ); do
                                sleep 1
                        done

                        # Switch role for each disk
                        hastctl role primary ${disk}
                        if [ $? -ne 0 ]; then
                                logger -p $log -t $name "Unable to change role to primary for resource ${disk}."
                                exit 1
                        fi
                done

                # Wait for the /dev/hast/* devices to appear
                for disk in ${resources}; do
                        for I in $( jot 60 ); do
                                [ -c "/dev/hast/${disk}" ] &amp;&amp; break
                                sleep 0.5
                        done

                        if [ ! -c "/dev/hast/${disk}" ]; then
                                logger -p $log -t $name "GEOM provider /dev/hast/${disk} did not appear."
                                exit 1
                        fi
                done

                logger -p $log -t $name "Role for HAST resources ${resources} switched to primary."


                logger -p $log -t $name "Mounting disks."
                for disk in ${resources}; do
                        mkdir -p /hast/${disk}
                        fsck -p -y -t ufs /dev/hast/${disk}
                        mount /dev/hast/${disk} /hast/${disk}
                done

        ;;

        slave)
                logger -p $log -t $name "Switching to secondary provider for ${resources}."

                # Switch roles for the HAST resources
                for disk in ${resources}; do
                        if ! mount | grep -q "^/dev/hast/${disk} on "
                        then
                        else
                                umount -f /hast/${disk}
                        fi
                        sleep $delay
                        hastctl role secondary ${disk} 2&gt;&amp;1
                        if [ $? -ne 0 ]; then
                                logger -p $log -t $name "Unable to switch role to secondary for resource ${disk}."
                                exit 1
                        fi
                        logger -p $log -t $name "Role switched to secondary for resource ${disk}."
                done
        ;;
esac</programlisting>

        <para>In a nutshell, the script takes these actions when a
          node becomes master:</para>

        <itemizedlist>
          <listitem>
            <para>Promotes the <acronym>HAST</acronym> pool to
              primary on the other node.</para>
          </listitem>

          <listitem>
            <para>Checks the file system under the
              <acronym>HAST</acronym> pool.</para>
          </listitem>

          <listitem>
            <para>Mounts the pool.</para>
          </listitem>
        </itemizedlist>

        <para>When a node becomes secondary:</para>

        <itemizedlist>
          <listitem>
            <para>Unmounts the <acronym>HAST</acronym> pool.</para>
          </listitem>

          <listitem>
            <para>Degrades the <acronym>HAST</acronym> pool to
              secondary.</para>
          </listitem>
        </itemizedlist>

        <caution>
          <para>This is just an example script which serves as a proof
            of concept.  It does not handle all the possible scenarios
            and can be extended or altered in any way, for example, to
            start or stop required services.</para>
        </caution>

        <tip>
          <para>For this example, a standard <acronym>UFS</acronym>
            file system was used.  To reduce the time needed for
            recovery, a journal-enabled <acronym>UFS</acronym> or
            <acronym>ZFS</acronym> file system can be used
            instead.</para>
        </tip>

        <para>More detailed information with additional examples can
          be found at <link
            xlink:href="http://wiki.FreeBSD.org/HAST">http://wiki.FreeBSD.org/HAST</link>.</para>
      </sect3>
    </sect2>

    <sect2>
      <title>Troubleshooting</title>

      <para><acronym>HAST</acronym> should generally work without
        issues.  However, as with any other software product, there
        may be times when it does not work as supposed.  The sources
        of the problems may be different, but the rule of thumb is to
        ensure that the time is synchronized between the nodes of the
        cluster.</para>

      <para>When troubleshooting <acronym>HAST</acronym>, the
        debugging level of &man.hastd.8; should be increased by
        starting <command>hastd</command> with <literal>-d</literal>.
        This argument may be specified multiple times to further
        increase the debugging level.  Consider also using
        <literal>-F</literal>, which starts <command>hastd</command>
        in the foreground.</para>

      <sect3 xml:id="disks-hast-sb">
        <title>Recovering from the Split-brain Condition</title>

        <para><firstterm>Split-brain</firstterm> occurs when the nodes
          of the cluster are unable to communicate with each other,
          and both are configured as primary.  This is a dangerous
          condition because it allows both nodes to make incompatible
          changes to the data.  This problem must be corrected
          manually by the system administrator.</para>

        <para>The administrator must either decide which node has more
          important changes, or perform the merge manually.  Then, let
          <acronym>HAST</acronym> perform full synchronization of the
          node which has the broken data.  To do this, issue these
          commands on the node which needs to be
          resynchronized:</para>

        <screen>&prompt.root; <userinput>hastctl role init <replaceable>test</replaceable></userinput>
&prompt.root; <userinput>hastctl create <replaceable>test</replaceable></userinput>
&prompt.root; <userinput>hastctl role secondary <replaceable>test</replaceable></userinput></screen>
      </sect3>
    </sect2>
  </sect1>
</chapter>